APAR status
Closed as unreproducible in next release.
Error description
CQWeb login page, input '?script? any characters ?/script?' in i d field will display source code of the page.
Local fix
Problem summary
A cross-site scripting vulnerability exists in the login page.
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
PK68332
Reported component name
CLEARQUEST WIN
Reported component ID
5724G3600
Reported release
701
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-06-30
Closed date
2008-07-30
Last modified date
2008-07-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARQUEST WIN
Fixed component ID
5724G3600
Applicable component levels
R603 PSY
UP
R604 PSY
UP
R605 PSY
UP
R606 PSY
UP
R60W PSY
UP
R700 PSY
UP
R701 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSH5A","label":"Rational ClearQuest"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
30 July 2008