CVE-2011-5093
First published: Mon Jun 04 2012(Updated: )
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Best Practical Solutions Request Tracker | =4.0.0-rc4 | |
| Best Practical Solutions Request Tracker | =4.0.3 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc7 | |
| Best Practical Solutions Request Tracker | =4.0.1 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc3 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc8 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc6 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc5 | |
| Best Practical Solutions Request Tracker | =4.0.4 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc2 | |
| Best Practical Solutions Request Tracker | =4.0.0 | |
| Best Practical Solutions Request Tracker | =3.8.12 | |
| Best Practical Solutions Request Tracker | =4.0.2 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc1 | |
| Best Practical Solutions Request Tracker | =4.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-5093?
CVE-2011-5093 is considered a high-severity vulnerability due to its ability to allow remote authenticated users to execute arbitrary code.
How do I fix CVE-2011-5093?
To fix CVE-2011-5093, you should upgrade to Best Practical Solutions RT version 4.0.6 or later.
What software versions are affected by CVE-2011-5093?
CVE-2011-5093 affects Best Practical Solutions RT versions 4.0.0 through 4.0.5, including various release candidates.
Can CVE-2011-5093 be exploited without a privileged account?
No, CVE-2011-5093 requires a remote authenticated user with a privileged account to exploit the vulnerability.
What type of vulnerability is CVE-2011-5093?
CVE-2011-5093 is a code execution vulnerability that allows unauthorized code execution due to improper access restrictions.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bestpractical
- canonical/best practical solutions request tracker
- version/best practical solutions request tracker/4.0.0-rc4
- version/best practical solutions request tracker/4.0.3
- version/best practical solutions request tracker/4.0.0-rc7
- version/best practical solutions request tracker/4.0.1
- version/best practical solutions request tracker/4.0.0-rc3
- version/best practical solutions request tracker/4.0.0-rc8
- version/best practical solutions request tracker/4.0.0-rc6
- version/best practical solutions request tracker/4.0.0-rc5
- version/best practical solutions request tracker/4.0.4
- version/best practical solutions request tracker/4.0.0-rc2
- version/best practical solutions request tracker/4.0.0
- version/best practical solutions request tracker/3.8.12
- version/best practical solutions request tracker/4.0.2
- version/best practical solutions request tracker/4.0.0-rc1
- version/best practical solutions request tracker/4.0.5