Vulnerability Description
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bestpractical | Rt | 3.0.0 |
Related Weaknesses (CWE)
References
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.htmlPatchVendor Advisory
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.htmlPatch
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.htmlPatch
- http://secunia.com/advisories/49259
- http://www.securityfocus.com/bid/53660
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.htmlPatchVendor Advisory
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.htmlPatch
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.htmlPatch
- http://secunia.com/advisories/49259
- http://www.securityfocus.com/bid/53660
FAQ
What is CVE-2011-4459?
CVE-2011-4459 is a vulnerability with a CVSS score of 3.5 (LOW). Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic cir...
How severe is CVE-2011-4459?
CVE-2011-4459 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4459?
Check the references section above for vendor advisories and patch information. Affected products include: Bestpractical Rt.