6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.8%
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement
the DisallowExecuteCode option, which allows remote authenticated users to
bypass intended access restrictions and execute arbitrary code by
leveraging access to a privileged account, a different vulnerability than
CVE-2011-4458 and CVE-2011-5092.
lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html
lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
launchpad.net/bugs/cve/CVE-2011-5093
nvd.nist.gov/vuln/detail/CVE-2011-5093
security-tracker.debian.org/tracker/CVE-2011-5093
www.cve.org/CVERecord?id=CVE-2011-5093