Lucene search
HistorySep 08, 2011 - 6:55 p.m.
CVE-2011-3391
ibm
rational
build forge
7.1.2
cve-2011-3391
vulnerability
javascript
security
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.4%
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu.
Affected configurations
Node
ibmrational_build_forgeMatch7.1.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm:rational_build_forge | ibm rational build forge | eq | 7.1.2 |
Related
prion
prion
Code injection
2011-09-08 18:55:00
nvd
nvd
CVE-2011-3391
2011-09-08 18:55:05
cvelist
cvelist
CVE-2011-3391
2011-09-08 18:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.4%
Related for CVE-2011-3391