CVE-2011-2385

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) iPhoneHandle package versions 0.9.x through 0.9.6 Open Ticket Request System (OTRS) iPhoneHandle package versions 1.0.x through 1.0.2

Description The issue allows remote authenticated users to gain privileges and consequently read or modify OTRS core objects via unspecified vectors, due to the iPhoneHandle package not properly restricting use of the iPhoneHandle interface.

Recommendations For Open Ticket Request System (OTRS) iPhoneHandle package versions 0.9.x through 0.9.6, update to version 0.9.7 or later. For Open Ticket Request System (OTRS) iPhoneHandle package versions 1.0.x through 1.0.2, update to version 1.0.3 or later.