Lucene search

[email protected]NVD:CVE-2011-2385

HistoryJul 19, 2011 - 8:55 p.m.

CVE-2011-2385

2011-07-1920:55:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

Affected configurations

Nvd

Node

otrsiphonehandleMatch0.9.1

otrsiphonehandleMatch0.9.2

otrsiphonehandleMatch0.9.3

otrsiphonehandleMatch0.9.4

otrsiphonehandleMatch0.9.5

otrsiphonehandleMatch0.9.6

otrsiphonehandleMatch1.0.1

otrsiphonehandleMatch1.0.2

otrsotrs

VendorProductVersionCPE
otrsiphonehandle0.9.1cpe:2.3:a:otrs:iphonehandle:0.9.1:*:*:*:*:*:*:*
otrsiphonehandle0.9.2cpe:2.3:a:otrs:iphonehandle:0.9.2:*:*:*:*:*:*:*
otrsiphonehandle0.9.3cpe:2.3:a:otrs:iphonehandle:0.9.3:*:*:*:*:*:*:*
otrsiphonehandle0.9.4cpe:2.3:a:otrs:iphonehandle:0.9.4:*:*:*:*:*:*:*
otrsiphonehandle0.9.5cpe:2.3:a:otrs:iphonehandle:0.9.5:*:*:*:*:*:*:*
otrsiphonehandle0.9.6cpe:2.3:a:otrs:iphonehandle:0.9.6:*:*:*:*:*:*:*
otrsiphonehandle1.0.1cpe:2.3:a:otrs:iphonehandle:1.0.1:*:*:*:*:*:*:*
otrsiphonehandle1.0.2cpe:2.3:a:otrs:iphonehandle:1.0.2:*:*:*:*:*:*:*
otrsotrs*cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
otrs	iphonehandle	0.9.1	cpe:2.3:a:otrs:iphonehandle:0.9.1:::::::*
otrs	iphonehandle	0.9.2	cpe:2.3:a:otrs:iphonehandle:0.9.2:::::::*
otrs	iphonehandle	0.9.3	cpe:2.3:a:otrs:iphonehandle:0.9.3:::::::*
otrs	iphonehandle	0.9.4	cpe:2.3:a:otrs:iphonehandle:0.9.4:::::::*
otrs	iphonehandle	0.9.5	cpe:2.3:a:otrs:iphonehandle:0.9.5:::::::*
otrs	iphonehandle	0.9.6	cpe:2.3:a:otrs:iphonehandle:0.9.6:::::::*
otrs	iphonehandle	1.0.1	cpe:2.3:a:otrs:iphonehandle:1.0.1:::::::*
otrs	iphonehandle	1.0.2	cpe:2.3:a:otrs:iphonehandle:1.0.2:::::::*
otrs	otrs	*	cpe:2.3:a:otrs:otrs::::::::

References

osvdb.org/73885

otrs.org/advisory/OSA-2011-02-en/

secunia.com/advisories/45227

www.securityfocus.com/bid/48678

exchange.xforce.ibmcloud.com/vulnerabilities/68558

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Related for NVD:CVE-2011-2385

prion1 cvelist1 debiancve1 cve1