4.6

CVE-2011-1685

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BestpracticalRt Version3.8.0
BestpracticalRt Version3.8.1
BestpracticalRt Version3.8.2
BestpracticalRt Version3.8.3
BestpracticalRt Version3.8.4
BestpracticalRt Version3.8.5
BestpracticalRt Version3.8.6
BestpracticalRt Version3.8.6 Updaterc1
BestpracticalRt Version3.8.7
BestpracticalRt Version3.8.7 Updaterc1
BestpracticalRt Version3.8.8
BestpracticalRt Version3.8.8 Updaterc2
BestpracticalRt Version3.8.8 Updaterc3
BestpracticalRt Version3.8.8 Updaterc4
BestpracticalRt Version3.8.9
BestpracticalRt Version3.8.9 Updaterc1
BestpracticalRt Version3.8.9 Updaterc2
BestpracticalRt Version3.8.9 Updaterc3
BestpracticalRt Version4.0.0 Updaterc1
BestpracticalRt Version4.0.0 Updaterc2
BestpracticalRt Version4.0.0 Updaterc3
BestpracticalRt Version4.0.0 Updaterc4
BestpracticalRt Version4.0.0 Updaterc5
BestpracticalRt Version4.0.0 Updaterc6
BestpracticalRt Version4.0.0 Updaterc7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.12% 0.618
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:N/AC:H/Au:S/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
Vendor Advisory
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
Patch
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
Patch
http://secunia.com/advisories/44189
Vendor Advisory
http://www.debian.org/security/2011/dsa-2220
http://www.securityfocus.com/bid/47383
http://www.vupen.com/english/advisories/2011/1071
https://bugzilla.redhat.com/show_bug.cgi?id=696795
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66791