CVE-2011-1687: Sensitive Information Exposure in RT

Severity: 4.0 MEDIUM (NVD)
EPSS: 0.5% (top 34.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 22
Latest update: May 17

Description

Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (1 package)

NVD: bestpractical/rt, 47 versions (+46)

Patches

🔴 Vulnerability Details (1)

GHSA: GHSA-7g36-rq2m-mrf6: Best Practical Solutions RT 3 (2022-05-17)

💬 Community (1)

Bugzilla: CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688 CVE-2011-1689 CVE-2011-1690 rt3: several security flaws fixed in 3.6.11, 3.8.10 (2011-04-14)