
Find real vulnerabilities before they ship
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Base Score
8.8| Base Score | 8.8 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |