{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Request Tracker 4.0.x","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Request Tracker 3.8.x","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-4730","url":"https://www.cve.org/CVERecord?id=CVE-2012-4730"},{"name":"CVE-2012-4734","url":"https://www.cve.org/CVERecord?id=CVE-2012-4734"},{"name":"CVE-2012-4884","url":"https://www.cve.org/CVERecord?id=CVE-2012-4884"},{"name":"CVE-2012-4735","url":"https://www.cve.org/CVERecord?id=CVE-2012-4735"},{"name":"CVE-2012-4732","url":"https://www.cve.org/CVERecord?id=CVE-2012-4732"}],"links":[],"reference":"CERTA-2012-AVI-610","revisions":[{"description":"version initiale.","revision_date":"2012-10-29T00:00:00.000000"}],"risks":[{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"}],"summary":"Cinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans <span class=\"textit\">Request\nTracker</span>. Elles permettent \u00e0 un utilisateur malintentionn\u00e9 de\nmener des injections de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et\nd'\u00e9crire des fichiers arbitraires sur le disque de stockage.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Request Tracker","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 RT du 25 octobre 1012","url":"http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}]}