CVE-2012-2054

Name of the Vulnerable Software and Affected Versions Redmine versions prior to 1.3.2 HMIWeb Browser ActiveX Control (affected versions not specified)

Description The issue allows remote attackers to set attributes in various models, including Comment, Document, IssueCategory, MembersController, Message, News, TimeEntry, Version, Wiki, UserPreference, or Board, via a modified URL. This is related to a "mass assignment" vulnerability.

Recommendations For Redmine versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. For HMIWeb Browser ActiveX Control, at the moment, there is no information about a newer version that contains a fix for this vulnerability.