Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9506

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-9506
Last Modified 10 Jan 2015 09:59:27
Published 04 Jan 2015 04:59:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-9506

Summary

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.

Vulnerable Systems

Application

  • Mantisbt 1.2.17


References

CONFIRM - https://www.mantisbt.org/bugs/view.php?id=9885

CONFIRM - https://www.mantisbt.org/bugs/changelog_page.php?version_id=191

MLIST - [oss-security] 20141207 MantisBT 1.2.18 Released

DEBIAN - DSA-3120


Last Updated: 27 May 2016 11:07:26