Lucene search

[email protected]NVD:CVE-2012-2691

HistoryJun 17, 2012 - 3:41 a.m.

CVE-2012-2691

2012-06-1703:41:41

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.017

Percentile

87.9%

JSON

The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.

Affected configurations

Nvd

Node

mantisbtmantisbtRange≤1.2.10

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.0.9

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.0a1

mantisbtmantisbtMatch1.1.0a2

mantisbtmantisbtMatch1.1.0a3

mantisbtmantisbtMatch1.1.0a4

mantisbtmantisbtMatch1.1.0rc1

mantisbtmantisbtMatch1.1.0rc2

mantisbtmantisbtMatch1.1.0rc3

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.3

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.1.9

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.0alpha1

mantisbtmantisbtMatch1.2.0alpha2

mantisbtmantisbtMatch1.2.0alpha3

mantisbtmantisbtMatch1.2.0rc1

mantisbtmantisbtMatch1.2.0rc2

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

mantisbtmantisbtMatch1.2.3

mantisbtmantisbtMatch1.2.4

mantisbtmantisbtMatch1.2.5

mantisbtmantisbtMatch1.2.6

mantisbtmantisbtMatch1.2.7

mantisbtmantisbtMatch1.2.8

mantisbtmantisbtMatch1.2.9

VendorProductVersionCPE
mantisbtmantisbt*cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
mantisbtmantisbt0.18.0cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:a1:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:a2:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*
mantisbtmantisbt0.19.1cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*
mantisbtmantisbt0.19.2cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*
mantisbtmantisbt0.19.3cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
mantisbtmantisbt0.19.4cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	*	cpe:2.3:a:mantisbt:mantisbt::::::::
mantisbt	mantisbt	0.18.0	cpe:2.3:a:mantisbt:mantisbt:0.18.0:::::::*
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:::::::*
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:a1::::::
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:a2::::::
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1::::::
mantisbt	mantisbt	0.19.1	cpe:2.3:a:mantisbt:mantisbt:0.19.1:::::::*
mantisbt	mantisbt	0.19.2	cpe:2.3:a:mantisbt:mantisbt:0.19.2:::::::*
mantisbt	mantisbt	0.19.3	cpe:2.3:a:mantisbt:mantisbt:0.19.3:::::::*
mantisbt	mantisbt	0.19.4	cpe:2.3:a:mantisbt:mantisbt:0.19.4:::::::*