Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2014-8553
Last Modified 10 Jan 2015 09:59:12
Published 17 Dec 2014 02:59:06
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8553

Summary

The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.

Vulnerable Systems

Application

  • MantisBT 1.2.17


References

CONFIRM - https://www.mantisbt.org/bugs/view.php?id=17243

CONFIRM - https://www.mantisbt.org/bugs/changelog_page.php?version_id=191

CONFIRM - https://github.com/mantisbt/mantisbt/commit/f779e3d4394a0638d822849863c4098421d911c5

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1171783

XF - mantisbt-cve20148553-info-disc(99257)

MLIST - [oss-security] 20141207 MantisBT 1.2.18 Released

DEBIAN - DSA-3120


Last Updated: 27 May 2016 11:07:20