CVE-2017-16854

Published: 08/12/2017 Updated: 29/04/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

In Open Ticket Request System (OTRS) up to and including 3.3.20, 4 up to and including 4.0.26, 5 up to and including 5.0.24, and 6 up to and including 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

Vulnerable Product

otrs otrs

debian debian linux 7.0

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #883774 otrs2: CVE-2017-16921: Remote code execution. Package: src:otrs2; Maintainer for src:otrs2 is Patrick Matthäi <pmatthaei@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 7 Dec 2017 13:45:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in ver ...

Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. For the oldstable distribution (jessie), these problems have been fixed in version 3318-1+deb8u3. For the stable distribution (stretch), these problems have been fixed ...