CVE-2011-5093 : Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows re

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.

Published 2012-06-04 19:55:02

Updated 2012-06-05 16:34:17

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2011-5093

Probability of exploitation activity in the next 30 days: 0.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-5093

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-5093

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-5093

http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html

[rt-announce] RT 3.8.12 Released - Security Release
Patch

CVEs referencing this url
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html

[rt-announce] RT 4.0.6 Released - Security Release
Patch

CVEs referencing this url
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html

[rt-announce] Security vulnerabilities in RT
Patch

CVEs referencing this url

Products affected by CVE-2011-5093

Bestpractical » RT » Version: 4.0.0 Update RC4
cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC5
cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC3
cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC2
cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC1
cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC6
cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC7
cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 3.8.12
cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0 Update RC8
cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.2
cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.3
cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.4
cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.5
cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.0
cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*
Matching versions
Bestpractical » RT » Version: 4.0.1
cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-5093

Exploit prediction scoring system (EPSS) score for CVE-2011-5093

CVSS scores for CVE-2011-5093

CWE ids for CVE-2011-5093

References for CVE-2011-5093

Products affected by CVE-2011-5093