Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1687

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2011-1687
Last Modified 11 May 2011 03:25:43
Published 22 Apr 2011 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1687

Summary

Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.

Vulnerable Systems

Application

  • Bestpractical Rt 3.0.0

  • Bestpractical Rt 3.0.1

  • Bestpractical Rt 3.0.10

  • Bestpractical Rt 3.0.11

  • Bestpractical Rt 3.0.12

  • Bestpractical Rt 3.0.2

  • Bestpractical Rt 3.0.3

  • Bestpractical Rt 3.0.4

  • Bestpractical Rt 3.0.5

  • Bestpractical Rt 3.0.6

  • Bestpractical Rt 3.0.7

  • Bestpractical Rt 3.0.7.1

  • Bestpractical Rt 3.0.8

  • Bestpractical Rt 3.0.9

  • Bestpractical Rt 3.2.0

  • Bestpractical Rt 3.2.1

  • Bestpractical Rt 3.2.2

  • Bestpractical Rt 3.2.3

  • Bestpractical Rt 3.4.0

  • Bestpractical Rt 3.4.1

  • Bestpractical Rt 3.4.2

  • Bestpractical Rt 3.4.3

  • Bestpractical Rt 3.4.4

  • Bestpractical Rt 3.4.5

  • Bestpractical Rt 3.4.6

  • Bestpractical Rt 3.6.0

  • Bestpractical Rt 3.6.1

  • Bestpractical Rt 3.6.10

  • Bestpractical Rt 3.6.2

  • Bestpractical Rt 3.6.3

  • Bestpractical Rt 3.6.4

  • Bestpractical Rt 3.6.5

  • Bestpractical Rt 3.6.6

  • Bestpractical Rt 3.6.7

  • Bestpractical Rt 3.6.8

  • Bestpractical Rt 3.6.9

  • Bestpractical Rt 3.8.0

  • Bestpractical Rt 3.8.1

  • Bestpractical Rt 3.8.2

  • Bestpractical Rt 3.8.3

  • Bestpractical Rt 3.8.4

  • Bestpractical Rt 3.8.5

  • Bestpractical Rt 3.8.6

  • Bestpractical Rt 3.8.7

  • Bestpractical Rt 3.8.8

  • Bestpractical Rt 3.8.9

  • Bestpractical Rt 4.0.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=696795

MLIST - [rt-announce] 20110414 RT 3.6.11 Released - Security Release

MLIST - [rt-announce] 20110414 RT 3.8.10 Released - Security Release

MLIST - [rt-announce] 20110414 Security vulnerabilities in RT

XF - rt-search-interface-info-disclosure(66793)

VUPEN - ADV-2011-1071

BID - 47383

DEBIAN - DSA-2220

SECUNIA - 44189

CONFIRM - http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html


Last Updated: 27 May 2016 10:56:24