4 matches found
CVE-2011-3391
CVE-2011-3391 affects IBM Rational Build Forge 7.1.2. The flaw arises from relying on client-side JavaScript to enforce the EditSecurity permission for the Export Key File function. This allows remote authenticated users to read a key file by removing the disabled attribute in the Security submen...
CVE-2008-2122
CVE-2008-2122 affects IBM Rational Build Forge 7.0.2. A port scan can trigger multiple bfagent server processes that attempt to read from closed sockets, causing CPU consumption and a DoS (availability impact). Public references describe the issue as remote, with the impact described as partial (...
CVE-2011-1839
IBM Rational Build Forge 7.1.0 is vulnerable because it uses HTTP GET during redirection from the authentication servlet to a PHP script, enabling context-dependent attackers to discover session IDs by reading web-server access logs, Referer logs, or browser history. Affected component: the authe...
CVE-2011-1034
The CVE-2011-1034 issue concerns IBM Rational Build Forge 7.0.2. The vulnerability is a Cross-site Scripting (XSS) in the UI, where an attacker can inject arbitrary script or HTML via the mod parameter to the fullcontrol program. The root cause is improper input handling in the UI component, enab...