Notified:  February 16, 2012 Updated: May 31, 2012

Status

Affected

Vendor Statement

CollabNet has addressed this problem in release 6.0 such that a modified client is no longer effective in escalating permissions. Note for all versions of ScrumWorks Pro, this security issue does not compromise the security of the underlying host operating system and that a modified client does not negate the need for a valid username and password. Further, all activities by modified clients are still logged in the server.log file.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.