
CVE-2025-2545 – Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME
https://notcve.org/view.php?id=CVE-2025-2545
05 May 2025 — Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages. Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIM... • https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2023-41259 – Debian Security Advisory 5541-1
https://notcve.org/view.php?id=CVE-2023-41259
31 Oct 2023 — Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. Multiple vulnerabilities have been discovered i... • https://docs.bestpractical.com/release-notes/rt/4.4.7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-41260 – Ubuntu Security Notice USN-6529-1
https://notcve.org/view.php?id=CVE-2023-41260
31 Oct 2023 — Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS.... • https://docs.bestpractical.com/release-notes/rt/4.4.7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-45024 – Debian Security Advisory 5541-1
https://notcve.org/view.php?id=CVE-2023-45024
31 Oct 2023 — Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS... • https://docs.bestpractical.com/release-notes/rt/5.0.5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2022-25803 – Ubuntu Security Notice USN-7692-1
https://notcve.org/view.php?id=CVE-2022-25803
14 Jul 2022 — Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. It was discovered that Request Tracker was susceptible to cross-site scripting attacks ... • https://docs.bestpractical.com/release-notes/rt/5.0.3 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2022-25802 – Debian Security Advisory 5181-1
https://notcve.org/view.php?id=CVE-2022-25802
14 Jul 2022 — Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. It w... • https://docs.bestpractical.com/release-notes/rt/4.4.6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-38562 – Ubuntu Security Notice USN-6529-1
https://notcve.org/view.php?id=CVE-2021-38562
18 Oct 2021 — Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. It was discovered that Request Tracker wa... • https://docs.bestpractical.com/release-notes/rt/index.html • CWE-203: Observable Discrepancy •