{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "74831", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/74831"}, {"name": "49407", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49407"}, {"name": "1026004", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1026004"}, {"name": "45871", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45871"}, {"name": "ibm-rational-editsecurity-info-disclosure(69522)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69522"}, {"name": "PM38058", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM38058"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3391", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74831", "refsource": "OSVDB", "url": "http://www.osvdb.org/74831"}, {"name": "49407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49407"}, {"name": "1026004", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1026004"}, {"name": "45871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45871"}, {"name": "ibm-rational-editsecurity-info-disclosure(69522)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69522"}, {"name": "PM38058", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM38058"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3391", "datePublished": "2011-09-08T18:00:00", "dateReserved": "2011-09-08T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_build_forge:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E153397-07D9-44E1-88D8-7C9565277CC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu."}, {"lang": "es", "value": "IBM Rational Build Forge v7.1.2 se basa en el c\u00f3digo JavaScript del lado cliente para hacer cumplir el requisito de permiso EditSecurity para la funci\u00f3n Export Key File, lo que permite a usuarios autenticados remotamente leer un archivo de clave mediante la eliminaci\u00f3n de un atributo de desactivacion en el sub-men\u00fa Seguridad."}], "id": "CVE-2011-3391", "lastModified": "2017-08-29T01:30:11.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-08T18:55:05.707", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45871"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1026004"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM38058"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/74831"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49407"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69522"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}