| Max CVSS | 5.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-8553 | 5.0 |
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_ge
|
08-09-2017 - 01:29 | 17-12-2014 - 19:59 | |
| CVE-2014-9506 | 3.5 |
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
|
03-01-2017 - 02:59 | 04-01-2015 - 21:59 | |
| CVE-2014-9388 | 5.0 |
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
|
03-01-2017 - 02:59 | 17-12-2014 - 19:59 |