Security Bulletin: ClearQuest Web parameter tampering to elevated privileges (CVE-2012-2164)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtrational psirtmedium
0 Comments | 1,047 Visits
The ClearQuest Web client is subject to an elevated privileges attack on the Site Administration menu. This allows the attacker to adjust parameters which can affect the performance of the ClearQuest Web system.
This attack requires the attacker to have already logged into ClearQuest web client as a valid user. It is then possible for this user to elevate their privilege and access the Site Administration menu.