CVE-2010-4602 Information

Description

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations and read arbitrary records via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.

Reference

ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme
http://www.securityfocus.com/bid/45646
http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172
https://exchange.xforce.ibmcloud.com/vulnerabilities/64440
