PT-2017-14511 · Otrs+2 · Otrs+2

Published

2017-11-21

Updated

2019-11-25

CVE-2017-16664

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 3.3 before 3.3.20 Open Ticket Request System (OTRS) versions 4 before 4.0.26 Open Ticket Request System (OTRS) versions 5 before 5.0.24

Description A code injection issue exists in the Kernel/System/Spelling.pm file. This allows an authenticated remote attacker to execute shell commands as the webserver user via URL manipulation in the agent interface.

Recommendations For versions 3.3 before 3.3.20, update to version 3.3.20 or later. For versions 4 before 4.0.26, update to version 4.0.26 or later. For versions 5 before 5.0.24, update to version 5.0.24 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

ALT-PU-2019-3068

ALT-PU-2019-3183

CVE-2017-16664

DLA-1212-1

DSA-4047-1

OPENSUSE-SU-2017_3054-1

Affected Products

Alt Linux

Otrs

Suse

PT-2017-14511 · Otrs+2 · Otrs+2

CVE-2017-16664

Weakness Enumeration

Related Identifiers

Affected Products

References · 11