Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On Forceful Browsing attack can allow help desk users access to information without appropriate permissions (CVE-2013-5420)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtlow psirtsecurity
0 Comments | 564 Visits
The Enterprise Single Sign On (ESSO) application is vulnerable to forceful browsing attacks. These attacks permit users of the system to access features to which they are not authorized by simply browsing directly to the URL of those features.