CVE-2017-15864

Published: 16/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x up to and including 3.3.18, with a crafted URL it is possible to gain information like database user and password.

Vulnerable Product

otrs otrs

debian debian linux 7.0

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #882370 otrs2: CVE-2017-16664: OSA-2017-07: privilege escalation. Package: src:otrs2; Maintainer for src:otrs2 is Patrick Matthäi <pmatthaei@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 21 Nov 2017 20:57:10 UTC; Severity: grave; Tags: fixed-upstream, patch, secu ...

Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents. For the oldstable distribution (jessie), these problems have been fixed in version 3.3.18-1+deb8u2. For the stable distribution (stretch), these problems hav ...