CVE-2012-4731

2012-11-1113:00:59

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

69.3%

JSON

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.

Affected configurations

Nvd

Node

bestpracticalrtfmRange≤2.4.3

bestpracticalrtfmMatch2.2.0

bestpracticalrtfmMatch2.2.1

bestpracticalrtfmMatch2.2.2

bestpracticalrtfmMatch2.4.0

bestpracticalrtfmMatch2.4.1

bestpracticalrtfmMatch2.4.2

VendorProductVersionCPE
bestpracticalrtfm*cpe:2.3:a:bestpractical:rtfm:*:*:*:*:*:*:*:*
bestpracticalrtfm2.2.0cpe:2.3:a:bestpractical:rtfm:2.2.0:*:*:*:*:*:*:*
bestpracticalrtfm2.2.1cpe:2.3:a:bestpractical:rtfm:2.2.1:*:*:*:*:*:*:*
bestpracticalrtfm2.2.2cpe:2.3:a:bestpractical:rtfm:2.2.2:*:*:*:*:*:*:*
bestpracticalrtfm2.4.0cpe:2.3:a:bestpractical:rtfm:2.4.0:*:*:*:*:*:*:*
bestpracticalrtfm2.4.1cpe:2.3:a:bestpractical:rtfm:2.4.1:*:*:*:*:*:*:*
bestpracticalrtfm2.4.2cpe:2.3:a:bestpractical:rtfm:2.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bestpractical	rtfm	*	cpe:2.3:a:bestpractical:rtfm::::::::
bestpractical	rtfm	2.2.0	cpe:2.3:a:bestpractical:rtfm:2.2.0:::::::*
bestpractical	rtfm	2.2.1	cpe:2.3:a:bestpractical:rtfm:2.2.1:::::::*
bestpractical	rtfm	2.2.2	cpe:2.3:a:bestpractical:rtfm:2.2.2:::::::*
bestpractical	rtfm	2.4.0	cpe:2.3:a:bestpractical:rtfm:2.4.0:::::::*
bestpractical	rtfm	2.4.1	cpe:2.3:a:bestpractical:rtfm:2.4.1:::::::*
bestpractical	rtfm	2.4.2	cpe:2.3:a:bestpractical:rtfm:2.4.2:::::::*