CVE-2012-4733 — Request-tracker4 vulnerability
Severity
6.0MEDIUMNVD
EPSS
0.6%
top 31.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 23
Latest updateMay 17
Description
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4