NVD

Id
15851  
Name
CVE-2010-4602  
Description
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-18  
Published
2010-12-29  
Modified Date
2011-01-11  
Seq
2010-4602  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
89848 15851 CVE-2010-4602 ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme  View
89849 15851 CVE-2010-4602 PM20172  View
89850 15851 CVE-2010-4602 45646  View
89851 15851 CVE-2010-4602 clearquest-webclient-sec-bypass(64440)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37755 JVNDB-2010-003540 IBM Rational ClearQuest の Web クライアントにおける restricted user の制限を回避する脆弱性 IBM Rational ClearQuest の Web クライアントは、restricted user の制限を回避される、および任意のレコードを読まれる脆弱性が存在します。 CVE-2010-4602 47182 CVE-2010-4602 15851 4 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003540.html 2010-08-09 2012-03-27 View