Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1686

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2011-1686
Last Modified 12 May 2011 12:00:00
Published 22 Apr 2011 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1686

Summary

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.

Vulnerable Systems

Application

  • Bestpractical Rt 2.0.0

  • Bestpractical Rt 2.0.1

  • Bestpractical Rt 2.0.11

  • Bestpractical Rt 2.0.12

  • Bestpractical Rt 2.0.13

  • Bestpractical Rt 2.0.14

  • Bestpractical Rt 2.0.15

  • Bestpractical Rt 2.0.2

  • Bestpractical Rt 2.0.3

  • Bestpractical Rt 2.0.4

  • Bestpractical Rt 2.0.5

  • Bestpractical Rt 2.0.5.1

  • Bestpractical Rt 2.0.5.3

  • Bestpractical Rt 2.0.6

  • Bestpractical Rt 2.0.7

  • Bestpractical Rt 2.0.8

  • Bestpractical Rt 2.0.8.2

  • Bestpractical Rt 2.0.9

  • Bestpractical Rt 3.0.0

  • Bestpractical Rt 3.0.1

  • Bestpractical Rt 3.0.10

  • Bestpractical Rt 3.0.11

  • Bestpractical Rt 3.0.12

  • Bestpractical Rt 3.0.2

  • Bestpractical Rt 3.0.3

  • Bestpractical Rt 3.0.4

  • Bestpractical Rt 3.0.5

  • Bestpractical Rt 3.0.6

  • Bestpractical Rt 3.0.7

  • Bestpractical Rt 3.0.7.1

  • Bestpractical Rt 3.0.8

  • Bestpractical Rt 3.0.9

  • Bestpractical Rt 3.2.0

  • Bestpractical Rt 3.2.1

  • Bestpractical Rt 3.2.2

  • Bestpractical Rt 3.2.3

  • Bestpractical Rt 3.4.0

  • Bestpractical Rt 3.4.1

  • Bestpractical Rt 3.4.2

  • Bestpractical Rt 3.4.3

  • Bestpractical Rt 3.4.4

  • Bestpractical Rt 3.4.5

  • Bestpractical Rt 3.4.6

  • Bestpractical Rt 3.6.0

  • Bestpractical Rt 3.6.1

  • Bestpractical Rt 3.6.10

  • Bestpractical Rt 3.6.2

  • Bestpractical Rt 3.6.3

  • Bestpractical Rt 3.6.4

  • Bestpractical Rt 3.6.5

  • Bestpractical Rt 3.6.6

  • Bestpractical Rt 3.6.7

  • Bestpractical Rt 3.6.8

  • Bestpractical Rt 3.6.9

  • Bestpractical Rt 3.8.0

  • Bestpractical Rt 3.8.1

  • Bestpractical Rt 3.8.2

  • Bestpractical Rt 3.8.3

  • Bestpractical Rt 3.8.4

  • Bestpractical Rt 3.8.5

  • Bestpractical Rt 3.8.6

  • Bestpractical Rt 3.8.7

  • Bestpractical Rt 3.8.8

  • Bestpractical Rt 3.8.9

  • Bestpractical Rt 4.0.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=696795

MLIST - [rt-announce] 20110414 RT 3.6.11 Released - Security Release

MLIST - [rt-announce] 20110414 RT 3.8.10 Released - Security Release

MLIST - [rt-announce] 20110414 Security vulnerabilities in RT

XF - rt-unspec-sql-injection(66792)

VUPEN - ADV-2011-1071

BID - 47383

DEBIAN - DSA-2220

SECUNIA - 44189

CONFIRM - http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html


Last Updated: 27 May 2016 10:56:24