Описание
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:otrs:iphonehandle:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:iphonehandle:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00735
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
debian
больше 14 лет назад
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in ...
github
больше 3 лет назад
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
EPSS
Процентиль: 72%
0.00735
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264