CVE-2010-4602IBM Rational Clearquest vulnerability

CWE-2644 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.2%
top 60.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearquest
Timeline
PublishedDec 29
Latest updateMay 17

Description

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearquest4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-7mr5-jw74-mxgh: The Web client in IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2010-4602: The Web client in IBM Rational ClearQuest 72010-12-29

💥Exploits & PoCs

1
Exploit-DB
TikiWiki jhot - Remote Command Execution (Metasploit)2010-07-25