Lucene search

MitreCVE-2011-2385

HistoryJul 19, 2011 - 8:55 p.m.

CVE-2011-2385

2011-07-1920:55:01

CWE-264

mitre

web.nvd.nist.gov

cve-2011-2385

iphonehandle

otrs

remote authentication

privilege escalation

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

Affected configurations

Nvd

Node

otrsiphonehandleMatch0.9.1

otrsiphonehandleMatch0.9.2

otrsiphonehandleMatch0.9.3

otrsiphonehandleMatch0.9.4

otrsiphonehandleMatch0.9.5

otrsiphonehandleMatch0.9.6

otrsiphonehandleMatch1.0.1

otrsiphonehandleMatch1.0.2

otrsotrs

VendorProductVersionCPE
otrsiphonehandle0.9.1cpe:2.3:a:otrs:iphonehandle:0.9.1:*:*:*:*:*:*:*
otrsiphonehandle0.9.2cpe:2.3:a:otrs:iphonehandle:0.9.2:*:*:*:*:*:*:*
otrsiphonehandle0.9.3cpe:2.3:a:otrs:iphonehandle:0.9.3:*:*:*:*:*:*:*
otrsiphonehandle0.9.4cpe:2.3:a:otrs:iphonehandle:0.9.4:*:*:*:*:*:*:*
otrsiphonehandle0.9.5cpe:2.3:a:otrs:iphonehandle:0.9.5:*:*:*:*:*:*:*
otrsiphonehandle0.9.6cpe:2.3:a:otrs:iphonehandle:0.9.6:*:*:*:*:*:*:*
otrsiphonehandle1.0.1cpe:2.3:a:otrs:iphonehandle:1.0.1:*:*:*:*:*:*:*
otrsiphonehandle1.0.2cpe:2.3:a:otrs:iphonehandle:1.0.2:*:*:*:*:*:*:*
otrsotrs*cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
otrs	iphonehandle	0.9.1	cpe:2.3:a:otrs:iphonehandle:0.9.1:::::::*
otrs	iphonehandle	0.9.2	cpe:2.3:a:otrs:iphonehandle:0.9.2:::::::*
otrs	iphonehandle	0.9.3	cpe:2.3:a:otrs:iphonehandle:0.9.3:::::::*
otrs	iphonehandle	0.9.4	cpe:2.3:a:otrs:iphonehandle:0.9.4:::::::*
otrs	iphonehandle	0.9.5	cpe:2.3:a:otrs:iphonehandle:0.9.5:::::::*
otrs	iphonehandle	0.9.6	cpe:2.3:a:otrs:iphonehandle:0.9.6:::::::*
otrs	iphonehandle	1.0.1	cpe:2.3:a:otrs:iphonehandle:1.0.1:::::::*
otrs	iphonehandle	1.0.2	cpe:2.3:a:otrs:iphonehandle:1.0.2:::::::*
otrs	otrs	*	cpe:2.3:a:otrs:otrs::::::::

References

osvdb.org/73885

otrs.org/advisory/OSA-2011-02-en/

secunia.com/advisories/45227

www.securityfocus.com/bid/48678

exchange.xforce.ibmcloud.com/vulnerabilities/68558

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2011-2385