CVE-2017-5944

EPSS 4.44%
Published 03.07.2017 16:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Bestpractical ≫ Request Tracker Version4.0.0

Bestpractical ≫ Request Tracker Version4.0.1

Bestpractical ≫ Request Tracker Version4.0.2

Bestpractical ≫ Request Tracker Version4.0.3

Bestpractical ≫ Request Tracker Version4.0.4

Bestpractical ≫ Request Tracker Version4.0.5

Bestpractical ≫ Request Tracker Version4.0.6

Bestpractical ≫ Request Tracker Version4.0.7

Bestpractical ≫ Request Tracker Version4.0.8

Bestpractical ≫ Request Tracker Version4.0.9

Bestpractical ≫ Request Tracker Version4.0.10

Bestpractical ≫ Request Tracker Version4.0.11

Bestpractical ≫ Request Tracker Version4.0.12

Bestpractical ≫ Request Tracker Version4.0.13

Bestpractical ≫ Request Tracker Version4.0.14

Bestpractical ≫ Request Tracker Version4.0.15

Bestpractical ≫ Request Tracker Version4.0.16

Bestpractical ≫ Request Tracker Version4.0.17

Bestpractical ≫ Request Tracker Version4.0.18

Bestpractical ≫ Request Tracker Version4.0.19

Bestpractical ≫ Request Tracker Version4.0.20

Bestpractical ≫ Request Tracker Version4.0.21

Bestpractical ≫ Request Tracker Version4.0.22

Bestpractical ≫ Request Tracker Version4.0.23

Bestpractical ≫ Request Tracker Version4.0.24

Bestpractical ≫ Request Tracker Version4.2.0

Bestpractical ≫ Request Tracker Version4.2.1

Bestpractical ≫ Request Tracker Version4.2.2

Bestpractical ≫ Request Tracker Version4.2.3

Bestpractical ≫ Request Tracker Version4.2.4

Bestpractical ≫ Request Tracker Version4.2.5

Bestpractical ≫ Request Tracker Version4.2.6

Bestpractical ≫ Request Tracker Version4.2.7

Bestpractical ≫ Request Tracker Version4.2.8

Bestpractical ≫ Request Tracker Version4.2.9

Bestpractical ≫ Request Tracker Version4.2.10

Bestpractical ≫ Request Tracker Version4.2.11

Bestpractical ≫ Request Tracker Version4.2.12

Bestpractical ≫ Request Tracker Version4.2.13

Bestpractical ≫ Request Tracker Version4.4.0

Bestpractical ≫ Request Tracker Version4.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.44%	0.879

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016

Vendor Advisory

http://www.debian.org/security/2017/dsa-3882

Third Party Advisory

http://www.securityfocus.com/bid/99381

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-5944

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5944

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5944

EUVD