Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.6
CVE Id: CVE-2011-1685
Last Modified: 11 May 2011 03:25:42
Published: 22 Apr 2011 06:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2011-1685

Summary

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

Vulnerable Systems

Application

  • Bestpractical Rt 3.8.0

  • Bestpractical Rt 3.8.1

  • Bestpractical Rt 3.8.2

  • Bestpractical Rt 3.8.3

  • Bestpractical Rt 3.8.4

  • Bestpractical Rt 3.8.5

  • Bestpractical Rt 3.8.6

  • Bestpractical Rt 3.8.7

  • Bestpractical Rt 3.8.8

  • Bestpractical Rt 3.8.9

  • Bestpractical Rt 4.0.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=696795

MLIST - [rt-announce] 20110414 RT 3.8.10 Released - Security Release

MLIST - [rt-announce] 20110414 Security vulnerabilities in RT

XF - rt-externalcustomfield-code-exec(66791)

VUPEN - ADV-2011-1071

BID - 47383

DEBIAN - DSA-2220

SECUNIA - 44189

CONFIRM - http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html


Last Updated: 27 May 2016 10:56:24