vulnerability

Debian: CVE-2017-16664: otrs2 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Nov 21, 2017	Nov 24, 2017	Feb 24, 2020

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Nov 21, 2017

Added

Nov 24, 2017

Modified

Feb 24, 2020

Description

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

Solution

debian-upgrade-otrs2

References

CVE-2017-16664
https://attackerkb.com/topics/CVE-2017-16664
DEBIAN-DSA-4047

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today