CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| http://securitytracker.com/id?1023370 | vdb entry |
| http://www.securityfocus.com/bid/37385 | vdb entry |
| http://secunia.com/advisories/37811 | third party advisory, vendor advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 | vendor advisory |
| http://www.vupen.com/english/advisories/2009/3580 | vdb entry, vendor advisory |