CVE-2014-8553

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.18

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via specific SOAP requests, including mc project get users, mc issue get, mc filter get issues, or mc project get issues. The mci account get array by id function in api/soap/mc account api.php is involved in this issue.

Recommendations For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the mci account get array by id function in api/soap/mc account api.php until a patch is applied. Additionally, limit the use of the affected SOAP requests to minimize the risk of exploitation.