Lucene search

[email protected]NVD:CVE-2012-4733

HistoryAug 23, 2013 - 4:55 p.m.

CVE-2012-4733

2013-08-2316:55:06

CWE-255

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and “custom lifecycle transition” permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Affected configurations

NVD

Node

bestpracticalrtMatch4.0.0

bestpracticalrtMatch4.0.0rc1

bestpracticalrtMatch4.0.0rc2

bestpracticalrtMatch4.0.0rc3

bestpracticalrtMatch4.0.0rc4

bestpracticalrtMatch4.0.0rc5

bestpracticalrtMatch4.0.0rc6

bestpracticalrtMatch4.0.0rc7

bestpracticalrtMatch4.0.0rc8

bestpracticalrtMatch4.0.1

bestpracticalrtMatch4.0.1rc1

bestpracticalrtMatch4.0.1rc2

bestpracticalrtMatch4.0.2

bestpracticalrtMatch4.0.2rc1

bestpracticalrtMatch4.0.2rc2

bestpracticalrtMatch4.0.3

bestpracticalrtMatch4.0.10

bestpracticalrtMatch4.0.11

bestpracticalrtMatch4.0.12

References

lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

secunia.com/advisories/53522

www.osvdb.org/93611

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for NVD:CVE-2012-4733

debiancve1 ubuntucve1 cve1 cvelist1 prion1 osv1 nessus4 freebsd1 debian2 openvas3 mageia1