PM20172: restricted user can view any record via the browser bookmark

APAR status

Closed as program error.

Error description

ClearQuest Web 7.1.1 with sample database and Firefox and IE any
version

1.   Logon USING ADMIN run query make a note of some record numb
ers (I chose record SAMPL00000025)
1a. Log out once you have chosen your record number.

2. Log in as a restricted user
3. Create a new record and save (record created was number SAMPL
00000049)
4.Right click on newly crated record select 'Bookmark'
5.Create Bookmark as instructed by message box and select save w
hen 'NEW BOOKMARK'window appears.
6.Close 'Bookmark' window ? log out completely out and close CQW
EB.

7. Copy the record url (SAMPL00000049  e.g http://localhost/cqwe
b/#/7.1.1
/SAMPL/RECORD/SAMPL00000049?noframes=true?format=HTML?recordType
=Defect) from normal browser bookmark DO NOT select enter or go

8. Change the number seen for the record in the address bar to t
he record chosen in step 1a. eg http://localhost/cqweb/#/7.1.1
/SAMPL/RECORD/SAMPL00000025?noframes=true?format=HTML?recordType
=Defect.

OR  just paste record choice at step 1a 'http://localhost/cqweb/
#/7.1.1/SAMPL/RECORD/SAMPL00000025?noframes=true?format=HTML?rec
ordType=Defect' in a new browser window or tab

9. Record access to SAMPL00000025 gained via the browser.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In the ClearQuest 7.1.x Web client, a restricted user can
view any record via the browser bookmark.

Problem conclusion

A fix is available in ClearQuest 7.1.1.4 and 7.1.2.1.

Temporary fix

Comments

APAR Information

APAR number
PM20172
Reported component name
CLEARQUEST WIN
Reported component ID
5724G3600
Reported release
711
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-08-09
Closed date
2010-12-10
Last modified date
2010-12-10

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
CLEARQUEST WIN
Fixed component ID
5724G3600

Applicable component levels

R711 PSN
UP

Rate this page:

(0 users)Average rating

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Document information

Rational ClearQuest

Software version:
7.1.1

Reference #:
PM20172

Modified date:
2010-12-10

PM20172: restricted user can view any record via the browser bookmark

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R711 PSN

Rate this page:

Copyright and trademark information

Rate this page:

Add comments

Document information

Translate my page

Content navigation

Footer links