PT-2017-14637 · Otrs+1

Bæln0Rn

Published: 2017-12-08

Updated: 2021-04-22

CVE-2017-16921

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OTRS versions 4.0.x through 4.0.26
OTRS versions 5.0.x through 5.0.24
OTRS versions 6.0.x through 6.0.1

Description

The issue allows an attacker who is logged into OTRS as an agent to manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Recommendations

For OTRS versions 4.0.x through 4.0.26, update to a version that fixes the issue.
For OTRS versions 5.0.x through 5.0.24, update to a version that fixes the issue.
For OTRS versions 6.0.x through 6.0.1, update to a version that fixes the issue.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3068
ALT-PU-2019-3183
CVE-2017-16921
DLA-1212-1
DSA-4066-1

Affected Products

Alt Linux
Otrs