Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2012-4733
HistoryAug 23, 2013 - 4:55 p.m.

CVE-2012-4733

2013-08-2316:55:06
CWE-255
mitre
web.nvd.nist.gov
33
request tracker
rt 4.x
cve-2012-4733
deleteticket
custom lifecycle transition
permission
remote authenticated users
modifyticket
delete tickets

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and “custom lifecycle transition” permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Affected configurations

Nvd
Node
bestpracticalrtMatch4.0.0
OR
bestpracticalrtMatch4.0.0rc1
OR
bestpracticalrtMatch4.0.0rc2
OR
bestpracticalrtMatch4.0.0rc3
OR
bestpracticalrtMatch4.0.0rc4
OR
bestpracticalrtMatch4.0.0rc5
OR
bestpracticalrtMatch4.0.0rc6
OR
bestpracticalrtMatch4.0.0rc7
OR
bestpracticalrtMatch4.0.0rc8
OR
bestpracticalrtMatch4.0.1
OR
bestpracticalrtMatch4.0.1rc1
OR
bestpracticalrtMatch4.0.1rc2
OR
bestpracticalrtMatch4.0.2
OR
bestpracticalrtMatch4.0.2rc1
OR
bestpracticalrtMatch4.0.2rc2
OR
bestpracticalrtMatch4.0.3
OR
bestpracticalrtMatch4.0.10
OR
bestpracticalrtMatch4.0.11
OR
bestpracticalrtMatch4.0.12
VendorProductVersionCPE
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*
bestpracticalrt4.0.0cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*
bestpracticalrt4.0.1cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

Related

ubuntucve 1
debiancve 1
cvelist 1
nvd 1
prion 1
nessus 4
freebsd 1
debian 2
osv 1
openvas 3
mageia 1
ubuntucve
ubuntucve
CVE-2012-4733
2013-08-23 00:00:00
debiancve
debiancve
CVE-2012-4733
2013-08-23 16:55:06
cvelist
cvelist
CVE-2012-4733
2013-08-23 16:00:00
nvd
nvd
CVE-2012-4733
2013-08-23 16:55:06
prion
prion
Cross site request forgery (csrf)
2013-08-23 16:55:00
nessus
nessus
Debian DSA-2671-1 : request-tracker4 - several vulnerabilities
2013-05-23 00:00:00
FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)
2013-05-24 00:00:00
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
2013-05-24 00:00:00
freebsd
freebsd
RT -- multiple vulnerabilities
2013-05-22 00:00:00
debian
debian
[SECURITY] [DSA 2671-1] request-tracker4 security update
2013-05-22 19:45:55
[SECURITY] [DSA 2671-1] request-tracker4 security update
2013-05-22 19:45:55
osv
osv
request-tracker4 - several
2013-05-22 00:00:00
openvas
openvas
Debian Security Advisory DSA 2671-1 (request-tracker4 - several vulnerabilities)
2013-05-22 00:00:00
Debian: Security Advisory (DSA-2671-1)
2013-05-21 00:00:00
Mageia: Security Advisory (MGASA-2017-0325)
2022-01-28 00:00:00
mageia
mageia
Updated rt/perl-Encode packages fix security vulnerability
2017-09-03 17:31:33

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON
Related for CVE-2012-4733
ubuntucve1debiancve1cvelist1nvd1prion1nessus4freebsd1debian2osv1openvas3mageia1