Web Client Vulnerability in IBM Rational ClearQuest by IBM
CVE-2010-4602
Currently unrated
Summary
The web client in IBM Rational ClearQuest versions 7.1.1.x prior to 7.1.1.4 and 7.1.2.x prior to 7.1.2.1 is vulnerable to an access control bypass. A remote authenticated user can circumvent the restrictions placed on user access and read arbitrary records by modifying the record number in the URL of a RECORD action. A modified bookmark is enough to exploit the flaw, which compromises sensitive data and user privacy.
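The server-side check that closes this class of flaw, shown beside the flawed pattern, as an added example that is not IBM's code and not part of the original advisory. All names here (`Record`, `User`, the `recordId` query key, the sample record ids) are hypothetical and the data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    record_id: int
    owner_group: str
    body: str

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    restricted: bool  # restricted users may only read their groups' records

# Constructed sample data, not taken from any real deployment.
RECORDS = {
    33554433: Record(33554433, "support", "printer ticket"),
    33554434: Record(33554434, "security", "unreleased flaw details"),
}

class AccessDenied(Exception):
    pass

def can_read(user, record):
    """Authorization decision made per record, on the server."""
    return (not user.restricted) or record.owner_group in user.groups

def fetch_record_unchecked(user, record_id):
    # Flawed pattern: being logged in is treated as sufficient, so the
    # restriction only holds while the client requests the ids it was shown.
    return RECORDS.get(record_id)

def fetch_record_checked(user, record_id):
    # Hardened pattern: the id from the URL is untrusted input. Missing and
    # forbidden records raise the same error so ids cannot be probed.
    record = RECORDS.get(record_id)
    if record is None or not can_read(user, record):
        raise AccessDenied(f"record {record_id} not available to {user.name}")
    return record

def handle_record_action(user, query, fetch=fetch_record_checked):
    """Serve a RECORD action; `query` is the parsed URL query (hypothetical keys)."""
    try:
        record_id = int(query.get("recordId", ""))
        record = fetch(user, record_id)
    except ValueError:
        return 400, "bad record id"
    except AccessDenied:
        return 404, "not found"
    return (200, record.body) if record else (404, "not found")
```

Because the decision lives in the fetch path, it applies no matter how the record number reached the server: a link in the UI, a typed URL, or a saved bookmark.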