PT-2017-14246 · Otrs+2 · Otrs+2

Published

2015-04-25

Updated

2019-10-03

CVE-2017-15864

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 3.3.x through 3.3.18

Description The issue allows an attacker to gain sensitive information, such as database user and password, by using a crafted URL in the Agent Frontend of OTRS.

Recommendations For OTRS versions 3.3.x through 3.3.18, update to a version that contains a fix for this issue to prevent information disclosure.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2015-1405

CVE-2017-15864

DLA-1212-1

DSA-4047-1

OPENSUSE-SU-2017_3054-1

Affected Products

Alt Linux

Otrs

Suse

PT-2017-14246 · Otrs+2 · Otrs+2

CVE-2017-15864

Related Identifiers

Affected Products

References · 11