Vulnerability in Ibm Rational_clearquest

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter…

EPSS: 0.002 (35.9th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearquest — versions 7.1.1.1, 7.1.1.2, 7.1.1.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

rcq-parameter-tampering(75039) (vdb-entry, x_refsource_XF)
PM62735 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)