CollabNet Information for VU#442595
ScrumWorks Pro privilege escalation vulnerability
- Vendor Information Help Date Notified: 16 Feb 2012
- Statement Date:
- Date Updated: 31 May 2012
CollabNet has addressed this problem in release 6.0 such that a modified client is no longer effective in escalating permissions. Note for all versions of ScrumWorks Pro, this security issue does not compromise the security of the underlying host operating system and that a modified client does not negate the need for a valid username and password. Further, all activities by modified clients are still logged in the server.log file.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.