PT-2017-14599 · Otrs+1 · Otrs+1

Publicado

2017-12-08

·

Atualizado

2019-11-25

·

CVE-2017-16854

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 3.3.20 and earlier Open Ticket Request System (OTRS) versions 4.0.26 and earlier Open Ticket Request System (OTRS) versions 5.0.24 and earlier Open Ticket Request System (OTRS) versions 6.0.1 and earlier
Description The issue allows an attacker who is logged in as a customer to disclose internal article information of their customer tickets using the ticket search form.
Recommendations For versions 3.3.20 and earlier, update to a version later than 3.3.20. For versions 4.0.26 and earlier, update to a version later than 4.0.26. For versions 5.0.24 and earlier, update to a version later than 5.0.24. For versions 6.0.1 and earlier, update to a version later than 6.0.1.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2019-3068
ALT-PU-2019-3183
CVE-2017-16854
DLA-1212-1
DSA-4066-1

Produtos afetados

Alt Linux
Otrs