IBM Rational ClearQuest versions 184.108.40.206 and prior contain a SQL injection vulnerability in the login page that could allow an unauthenticated, remote attacker to execute arbitrary SQL code on the underlying database.
The vulnerability exists when the cqweb/main page handles the GenerateMainFrame command. An unauthenticated, remote attacker could exploit this vulnerability by injecting arbitrary SQL code into the username parameter in a call to the main page that specifies a GenerateMainFrame command. An exploit could allow the attacker to log in to the web application with administrator rights or perform other operations on the underlying database.
Proof-of-concept code is publicly available.
IBM has not confirmed this vulnerability, and updates are not available.