Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4732
Last Modified 01 Mar 2013 11:46:08
Published 11 Nov 2012 08:00:59
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4732

Summary

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

Vulnerable Systems

Application

  • Bestpractical Rt 3.8.12

  • Bestpractical Rt 3.8.13

  • Bestpractical Rt 3.8.14

  • Bestpractical Rt 4.0.6

  • Bestpractical Rt 4.0.7

  • Bestpractical Rt 4.0.8


References

MLIST - [rt-announce] 20121025 Security vulnerabilities in RT

OSVDB - 86714


Last Updated: 27 May 2016 10:56:40