Release date: 2011-11-07
Updated on: 2011-11-08
Affected Systems:
IBM Rational Asset Manager 7.5
Unaffected Systems:
IBM Rational Asset Manager 7.5.1
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 50559
IBM Rational Asset Manager (RAM) is a collaborative software development asset management solution that supports the Reusable Asset Specification (RAS) and allows organizations to identify, manage, and control the design, development, and use of software assets.
IBM Rational Asset Manager has a security restriction bypass vulnerability. Remote attackers can exploit this vulnerability to bypass certain security restrictions and modify the configurations of other users.
1) Some input is not properly filtered before being returned to the user, so arbitrary HTML and script code can be executed in the user's browser.
2) An error in the access control handling when preferences are changed makes it possible to modify the configurations of other users.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg1PM38467
http://www-01.ibm.com/support/docview.wss?uid=swg1PM38335
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/