Fixes are available
Rational ClearQuest Fix Pack (7.1.2.5) for version 7.1.2
Rational ClearQuest Fix Pack (8.0.0.1) for version 8.0
Rational ClearQuest Fix Pack 14 (7.1.2.14) for 7.1.2
Rational ClearQuest Fix Pack 11 (8.0.0.11) for 8.0
Rational ClearQuest Fix Pack 12 (8.0.0.12) for 8.0
Rational ClearQuest Fix Pack 15 (7.1.2.15) for 7.1.2
Rational ClearQuest Fix Pack 13 (8.0.0.13) for 8.0
Rational ClearQuest Fix Pack 16 (7.1.2.16) for 7.1.2
Rational ClearQuest Fix Pack 17 (7.1.2.17) for 7.1.2
Rational ClearQuest Fix Pack 14 (8.0.0.14) for 8.0
Rational ClearQuest Fix Pack 18 (7.1.2.18) for 7.1.2
Rational ClearQuest Fix Pack 15 (8.0.0.15) for 8.0
Rational ClearQuest Fix Pack 19 (7.1.2.19) for 7.1.2
Rational ClearQuest Fix Pack 16 (8.0.0.16) for 8.0
Rational ClearQuest Fix Pack 17 (8.0.0.17) for 8.0
Rational ClearQuest Fix Pack 18 (8.0.0.18) for 8.0
Rational ClearQuest Fix Pack 19 (8.0.0.19) for 8.0
Rational ClearQuest Fix Pack 20 (8.0.0.20) for 8.0
Rational ClearQuest Fix Pack 21 (8.0.0.21) for 8.0
APAR status
Closed as program error.
Error description
Customer security scan concerns of CQweb app:
Concern: (cross frame design is risky)
3) Cross-Frame Scripting - [OWASP 2010 A 10]
Vulnerable Findings https://?servername?/cqweb/
Message: Page found vulnerable to XFS
harm weight: 120 (more harmful than others)
Local fix
Problem summary
USERS AFFECTED:
PROBLEM DESCRIPTION:
RECOMMENDATION:
ClearQuest web client was being displayed within an iframe.
Problem conclusion
A fix is available in ClearQuest 7.1.2.5 and 8.0.0.1.
Temporary fix
Comments
APAR Information
APAR number
PM46354
Reported component name
CLEARQUEST WIN
Reported component ID
5724G3600
Reported release
712
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-08-24
Closed date
2011-12-16
Last modified date
2011-12-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARQUEST WIN
Fixed component ID
5724G3600
Applicable component levels
R712 PSN
UP
Document Information
Modified date:
16 December 2011