2005-03-20 05:00:00
mitre
PUBLISHED
The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.