CVE-2010-4602

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 29 December 2010

Summary

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.

References

ftp://public.dhe.ibm.com/software/rational/clearquest/7.1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/45646

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/64440

vdb-entryx_refsource_XF

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 29, 2010
Vulnerability Reserved
Dec 29, 2010