Information Disclosure Vulnerability in IBM Rational Build Forge
CVE-2011-3391

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Build Forge
Vendor: CVE Published:; 8 September 2011

Summary

IBM Rational Build Forge version 7.1.2 has a vulnerability that relies on client-side JavaScript for enforcing security permissions during the Export Key File function. By manipulating the DOM and removing a disable attribute within the Security sub-menu, remote authenticated users can gain unauthorized access to sensitive key files. This improper enforcement of access controls can lead to potential information disclosure risks.

References

http://www.osvdb.org/74831

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/49407

vdb-entryx_refsource_BID

http://securitytracker.com/id?1026004

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 8, 2011
Vulnerability Reserved
Sep 8, 2011