CVE-2015-1464 — Improper Access Control in Request-tracker4
Severity
6.4MEDIUMNVD
EPSS
0.3%
top 42.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 9
Latest updateMay 17
Description
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVSS vector
AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9
Affected Packages2 packages
Also affects: Fedora 21, 22
🔴Vulnerability Details
2📋Vendor Advisories
1Debian▶
CVE-2015-1464: request-tracker4 - RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote att...↗2015