AI Score
Confidence
High
EPSS
Percentile
85.3%
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
www.debian.org/security/2017/dsa-3882
www.securityfocus.com/bid/99381
forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016