Vulnerability Description
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bestpractical | Rt | 3.8.12 |
Related Weaknesses (CWE)
References
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html (Patch)
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html (Patch)
- http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html (Patch)
FAQ
What is CVE-2011-5093?
CVE-2011-5093 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbi...
How severe is CVE-2011-5093?
CVE-2011-5093 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-5093?
Check the references section above for vendor advisories and patch information. Affected products include: Bestpractical Rt.