Vulnerability in Ibm Rational_clearquest

CVE-2010-4602

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for…

EPSS: 0.002 (39.3th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearquest — versions 7.1.1.2, 7.1.1.1, 7.1.1.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

45646 (vdb-entry, x_refsource_BID)
clearquest-webclient-sec-bypass(64440) (vdb-entry, x_refsource_XF)
PM20172 (vendor-advisory, Exploit, x_refsource_AIXAPAR)