CVE-2011-1390 Information

Description

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9 7.1.2.x before 7.1.2.6 and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

Reference

http://osvdb.org/81815 http://secunia.com/advisories/49093 http://www.securityfocus.com/bid/53483 http://www.securitytracker.com/id?1027060 http://www-01.ibm.com/support/docview.wss?uid=swg21594717 https://exchange.xforce.ibmcloud.com/vulnerabilities/71802