CVE-2011-1690

critical

Description

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66794

https://bugzilla.redhat.com/show_bug.cgi?id=696795

http://www.vupen.com/english/advisories/2011/1071

http://www.securityfocus.com/bid/47383

http://www.debian.org/security/2011/dsa-2220

http://secunia.com/advisories/44189

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html

http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html

Details

Source: Mitre, NVD

Published: 2011-04-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics