Vulnerability Details : CVE-2010-4603
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4603
Probability of exploitation activity in the next 30 days: 0.66%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
References for CVE-2010-4603
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64439
IBM Rational ClearQuest back-reference security bypass CVE-2010-4603 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg21125139
IBM Example of a back reference field for Rational ClearQuest.
- ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme
-
http://www.securityfocus.com/bid/45648
IBM Rational ClearQuest Back Reference Field Security Vulnerability
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186
IBM PM22186: THE CQ CORE SHOULD BE ABLE TO DETECT WHEN A REMOVE IS TAKING PLACE ON A BACKREFERENCE FIELD, AND THROW AN EXCEPTION OR NO-OP
Products affected by CVE-2010-4603
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*