CVE-2011-1685

Published Apr 22, 2011

Last updated 3 months ago

CVSS info 4.6

Overview

Description: Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4"
          },
          {
            "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References