Vulnerabilities > Bestpractical > Request Tracker > 4.0.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-09 | CVE-2014-9472 | Resource Management Errors vulnerability in multiple products The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | 7.1 |
| 2014-11-16 | CVE-2013-3737 | Information Exposure vulnerability in Bestpractical Request Tracker The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. | 5.0 |
| 2014-05-05 | CVE-2013-3736 | Cross-Site Scripting vulnerability in Bestpractical Request Tracker and Rt-Extension-Mobileui Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. | 4.3 |