CVE-2012-4730 — Request-tracker4 vulnerability

CWE-2647 documents6 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 61.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedNov 11

Latest updateMay 17

Description

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/request-tracker4< request-tracker4 4.0.7-2 (bookworm)

▶NVDbestpractical/rt24 versions+23

🔴Vulnerability Details

GHSA

GHSA-53rc-933r-8227: Request Tracker (RT) 3↗2022-05-17

▶

OSV

CVE-2012-4730: Request Tracker (RT) 3↗2012-11-11

▶

💥Exploits & PoCs

Exploit-DB

PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow↗2014-01-29

▶

📋Vendor Advisories

Debian

CVE-2012-4730: request-tracker4 - Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote au...↗2012

▶

💬Community

Bugzilla

CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version [fedora-all]↗2012-10-26

▶

Bugzilla

CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version [epel-all]↗2012-10-26

▶