CVE-2012-2168 : IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remot

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.

Published 2012-08-17 20:55:04

Updated 2025-04-11 00:51:22

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2012-2168

IBM » Rational Clearquest » Version: 7.1.1.3
cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.2
cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.1
cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2
cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.4
cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.5
cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.6
cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.7
cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.1.8
cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2.4
cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2.5
cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2.1
cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2.2
cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2.3
cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 8.0.0.1
cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 7.1.2.6
cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 8.0.0
cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Rational Clearquest » Version: 8.0.0.2
cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2168

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-2168

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2168

https://exchange.xforce.ibmcloud.com/vulnerabilities/75048

IBM Rational ClearQuest stack trace information disclosure CVE-2012-2168 Vulnerability Report
http://www.ibm.com/support/docview.wss?uid=swg21606319

IBM Security Bulletin: Information Disclosure ClearQuest Web stack traces (CVE-2012-2168)
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822

IBM PM61822: An information disclosure vulnerability was found
Vendor Advisory

Jump to

Vulnerability Details : CVE-2012-2168

Products affected by CVE-2012-2168

Exploit prediction scoring system (EPSS) score for CVE-2012-2168

CVSS scores for CVE-2012-2168

CWE ids for CVE-2012-2168

References for CVE-2012-2168