Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-16854

Опубликовано: 08 дек. 2017
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
Версия от 3.3.0 (включая) до 3.3.20 (включая)
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
Версия от 4.0.0 (исключая) до 4.0.26 (включая)
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
Версия от 5.0.0 (включая) до 5.0.24 (включая)
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
Версия от 6.0.0 (включая) до 6.0.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00302
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2017-16854

CVSS3: 6.5
ubuntu
больше 7 лет назад

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

debian логотип

CVE-2017-16854

CVSS3: 6.5
debian
больше 7 лет назад

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...

github логотип

GHSA-29ch-39m4-vcw5

CVSS3: 6.5
github
больше 3 лет назад

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

EPSS

Процентиль: 53%
0.00302
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200