Vulnerability Details : CVE-2013-0598
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2013-0598
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0598
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-0598
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0598
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/83611
IBM Rational ClearQuest Web Client cross-site request forgery CVE-2013-0598 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185
IBM notice: The page you requested cannot be displayed
-
http://www-01.ibm.com/support/docview.wss?uid=swg21648665
IBM Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Cross-Site Request Forgery (CVE-2013-0598)Vendor Advisory
Products affected by CVE-2013-0598
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*