4
CVE-2011-1687
- EPSS 1.45%
- Veröffentlicht 22.04.2011 10:55:02
- Zuletzt bearbeitet 16.06.2026 23:29:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bestpractical ≫ Rt Version3.0.0
Bestpractical ≫ Rt Version3.0.1
Bestpractical ≫ Rt Version3.0.2
Bestpractical ≫ Rt Version3.0.3
Bestpractical ≫ Rt Version3.0.4
Bestpractical ≫ Rt Version3.0.5
Bestpractical ≫ Rt Version3.0.6
Bestpractical ≫ Rt Version3.0.7
Bestpractical ≫ Rt Version3.0.7.1
Bestpractical ≫ Rt Version3.0.8
Bestpractical ≫ Rt Version3.0.9
Bestpractical ≫ Rt Version3.0.10
Bestpractical ≫ Rt Version3.0.11
Bestpractical ≫ Rt Version3.0.12
Bestpractical ≫ Rt Version3.2.0
Bestpractical ≫ Rt Version3.2.1
Bestpractical ≫ Rt Version3.2.2
Bestpractical ≫ Rt Version3.2.3
Bestpractical ≫ Rt Version3.4.0
Bestpractical ≫ Rt Version3.4.1
Bestpractical ≫ Rt Version3.4.2
Bestpractical ≫ Rt Version3.4.3
Bestpractical ≫ Rt Version3.4.4
Bestpractical ≫ Rt Version3.4.5
Bestpractical ≫ Rt Version3.4.6
Bestpractical ≫ Rt Version3.6.0
Bestpractical ≫ Rt Version3.6.1
Bestpractical ≫ Rt Version3.6.2
Bestpractical ≫ Rt Version3.6.3
Bestpractical ≫ Rt Version3.6.4
Bestpractical ≫ Rt Version3.6.5
Bestpractical ≫ Rt Version3.6.6
Bestpractical ≫ Rt Version3.6.7
Bestpractical ≫ Rt Version3.6.8
Bestpractical ≫ Rt Version3.6.9
Bestpractical ≫ Rt Version3.6.10
Bestpractical ≫ Rt Version3.8.0
Bestpractical ≫ Rt Version3.8.1
Bestpractical ≫ Rt Version3.8.2
Bestpractical ≫ Rt Version3.8.3
Bestpractical ≫ Rt Version3.8.4
Bestpractical ≫ Rt Version3.8.5
Bestpractical ≫ Rt Version3.8.6
Bestpractical ≫ Rt Version3.8.6 Updaterc1
Bestpractical ≫ Rt Version3.8.7
Bestpractical ≫ Rt Version3.8.7 Updaterc1
Bestpractical ≫ Rt Version3.8.8
Bestpractical ≫ Rt Version3.8.8 Updaterc2
Bestpractical ≫ Rt Version3.8.8 Updaterc3
Bestpractical ≫ Rt Version3.8.8 Updaterc4
Bestpractical ≫ Rt Version3.8.9
Bestpractical ≫ Rt Version3.8.9 Updaterc1
Bestpractical ≫ Rt Version3.8.9 Updaterc2
Bestpractical ≫ Rt Version3.8.9 Updaterc3
Bestpractical ≫ Rt Version4.0.0 Updaterc1
Bestpractical ≫ Rt Version4.0.0 Updaterc2
Bestpractical ≫ Rt Version4.0.0 Updaterc3
Bestpractical ≫ Rt Version4.0.0 Updaterc4
Bestpractical ≫ Rt Version4.0.0 Updaterc5
Bestpractical ≫ Rt Version4.0.0 Updaterc6
Bestpractical ≫ Rt Version4.0.0 Updaterc7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.45% | 0.698 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
http://secunia.com/advisories/44189
http://www.debian.org/security/2011/dsa-2220
http://www.securityfocus.com/bid/47383
http://www.vupen.com/english/advisories/2011/1071
https://bugzilla.redhat.com/show_bug.cgi?id=696795
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/66793