IBM Support

PK68332: CQWeb login page input ?script?anychar?/script? in id field show ing page source code

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible in next release.

Error description

  • CQWeb login page, input '?script? any characters ?/script?' in i
    d field will display source code of the page.
    

Local fix

Problem summary

  • A cross-site scripting vulnerability exists in the login page.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PK68332

  • Reported component name

    CLEARQUEST WIN

  • Reported component ID

    5724G3600

  • Reported release

    701

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-06-30

  • Closed date

    2008-07-30

  • Last modified date

    2008-07-30

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    CLEARQUEST WIN

  • Fixed component ID

    5724G3600

Applicable component levels

  • R603 PSY

       UP

  • R604 PSY

       UP

  • R605 PSY

       UP

  • R606 PSY

       UP

  • R60W PSY

       UP

  • R700 PSY

       UP

  • R701 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSH5A","label":"Rational ClearQuest"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
30 July 2008