PT-2017-14804 · Otrs+1 · Otrs+1

Francesco Sirocco

Published

2017-12-20

Updated

2019-11-25

CVE-2017-17476

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 4.0.x through 4.0.27 Open Ticket Request System (OTRS) versions 5.0.x through 5.0.25 Open Ticket Request System (OTRS) versions 6.0.x through 6.0.2

Description The issue might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email when cookie support is disabled.

Recommendations For versions 4.0.x through 4.0.27, update to version 4.0.28 or later. For versions 5.0.x through 5.0.25, update to version 5.0.26 or later. For versions 6.0.x through 6.0.2, update to version 6.0.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-3068

ALT-PU-2019-3183

CVE-2017-17476

DLA-1215-1

DSA-4069-1

Affected Products

Alt Linux

Otrs

PT-2017-14804 · Otrs+1 · Otrs+1

CVE-2017-17476

Weakness Enumeration

Related Identifiers

Affected Products

References · 14