Vulnerability Details CVE-2011-1687
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.8%
CVSS Severity
CVSS v2 Score 4.0
References
- http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
- http://secunia.com/advisories/44189
- http://www.debian.org/security/2011/dsa-2220
- http://www.securityfocus.com/bid/47383
- http://www.vupen.com/english/advisories/2011/1071
- https://bugzilla.redhat.com/show_bug.cgi?id=696795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66793
- http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
- http://secunia.com/advisories/44189
- http://www.debian.org/security/2011/dsa-2220
- http://www.securityfocus.com/bid/47383
- http://www.vupen.com/english/advisories/2011/1071
- https://bugzilla.redhat.com/show_bug.cgi?id=696795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66793
Products affected by CVE-2011-1687
-
cpe:2.3:a:bestpractical:rt:3.0.0
-
cpe:2.3:a:bestpractical:rt:3.0.1
-
cpe:2.3:a:bestpractical:rt:3.0.10
-
cpe:2.3:a:bestpractical:rt:3.0.11
-
cpe:2.3:a:bestpractical:rt:3.0.12
-
cpe:2.3:a:bestpractical:rt:3.0.2
-
cpe:2.3:a:bestpractical:rt:3.0.3
-
cpe:2.3:a:bestpractical:rt:3.0.4
-
cpe:2.3:a:bestpractical:rt:3.0.5
-
cpe:2.3:a:bestpractical:rt:3.0.6
-
cpe:2.3:a:bestpractical:rt:3.0.7
-
cpe:2.3:a:bestpractical:rt:3.0.7.1
-
cpe:2.3:a:bestpractical:rt:3.0.8
-
cpe:2.3:a:bestpractical:rt:3.0.9
-
cpe:2.3:a:bestpractical:rt:3.2.0
-
cpe:2.3:a:bestpractical:rt:3.2.1
-
cpe:2.3:a:bestpractical:rt:3.2.2
-
cpe:2.3:a:bestpractical:rt:3.2.3
-
cpe:2.3:a:bestpractical:rt:3.4.0
-
cpe:2.3:a:bestpractical:rt:3.4.1
-
cpe:2.3:a:bestpractical:rt:3.4.2
-
cpe:2.3:a:bestpractical:rt:3.4.3
-
cpe:2.3:a:bestpractical:rt:3.4.4
-
cpe:2.3:a:bestpractical:rt:3.4.5
-
cpe:2.3:a:bestpractical:rt:3.4.6
-
cpe:2.3:a:bestpractical:rt:3.6.0
-
cpe:2.3:a:bestpractical:rt:3.6.1
-
cpe:2.3:a:bestpractical:rt:3.6.10
-
cpe:2.3:a:bestpractical:rt:3.6.2
-
cpe:2.3:a:bestpractical:rt:3.6.3
-
cpe:2.3:a:bestpractical:rt:3.6.4
-
cpe:2.3:a:bestpractical:rt:3.6.5
-
cpe:2.3:a:bestpractical:rt:3.6.6
-
cpe:2.3:a:bestpractical:rt:3.6.7
-
cpe:2.3:a:bestpractical:rt:3.6.8
-
cpe:2.3:a:bestpractical:rt:3.6.9
-
cpe:2.3:a:bestpractical:rt:3.8.0
-
cpe:2.3:a:bestpractical:rt:3.8.1
-
cpe:2.3:a:bestpractical:rt:3.8.2
-
cpe:2.3:a:bestpractical:rt:3.8.3
-
cpe:2.3:a:bestpractical:rt:3.8.4
-
cpe:2.3:a:bestpractical:rt:3.8.5
-
cpe:2.3:a:bestpractical:rt:3.8.6
-
cpe:2.3:a:bestpractical:rt:3.8.7
-
cpe:2.3:a:bestpractical:rt:3.8.8
-
cpe:2.3:a:bestpractical:rt:3.8.9
-
cpe:2.3:a:bestpractical:rt:4.0.0