CVE-2011-3391

Name of the Vulnerable Software and Affected Versions IBM Rational Build Forge version 7.1.2

Description The issue arises from the reliance on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function. This allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu.

Recommendations For IBM Rational Build Forge version 7.1.2, consider disabling the Export Key File function until a proper server-side permission check is implemented to enforce the EditSecurity permission requirement. Restrict access to the Security sub-menu to minimize the risk of exploitation.