Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-16921

Опубликовано: 08 дек. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 9
EPSS Средний

Описание

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.20:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.23:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.33869
Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2017-16921

CVSS3: 8.8
ubuntu
около 8 лет назад

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

debian логотип

CVE-2017-16921

CVSS3: 8.8
debian
около 8 лет назад

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and includin ...

github логотип

GHSA-x9qc-g4w7-x2hf

CVSS3: 8.8
github
больше 3 лет назад

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

EPSS

Процентиль: 97%
0.33869
Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78