The Web client in IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.4 and 7.1.2.x prior to 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm rational clearquest 7.1.1.3 |
||
ibm rational clearquest 7.1.1.2 |
||
ibm rational clearquest 7.1.1.1 |
||
ibm rational clearquest 7.1.2 |