CVE-2010-4603

IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.

Date published : 2010-12-29

http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186

http://www.securityfocus.com/bid/45648