The iPhoneHandle package 0.9.x prior to 0.9.7 and 1.0.x prior to 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
otrs iphonehandle 0.9.6 |
||
otrs iphonehandle 1.0.1 |
||
otrs iphonehandle 0.9.1 |
||
otrs iphonehandle 1.0.2 |
||
otrs otrs |
||
otrs iphonehandle 0.9.4 |
||
otrs iphonehandle 0.9.5 |
||
otrs iphonehandle 0.9.2 |
||
otrs iphonehandle 0.9.3 |