Detections
Analytics

CVE-2011-1687

medium

Description

Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66793

https://bugzilla.redhat.com/show_bug.cgi?id=696795

http://www.vupen.com/english/advisories/2011/1071

http://www.securityfocus.com/bid/47383

http://www.debian.org/security/2011/dsa-2220

http://secunia.com/advisories/44189

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html

http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html

Details

Source: Mitre, NVD

Published: 2011-04-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium