CVE-2008-1515 — Otrs vulnerability

CWE-2646 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

0.8%

top 26.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Debian Otrs2

Timeline

PublishedApr 1

Latest updateMay 1

Description

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDotrs/otrs2.1.0 — 2.1.8+1

▶debiandebian/otrs2< otrs2 2.2.5-2 (bullseye)

🔴Vulnerability Details

GHSA

GHSA-c8ch-p52f-7rgj: The SOAP interface in OTRS 2↗2022-05-01

▶

OSV

CVE-2008-1515: The SOAP interface in OTRS 2↗2008-04-01

▶

📋Vendor Advisories

Debian

CVE-2008-1515: otrs2 - The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remo...↗2008

▶

Red Hat

otrs SOAP authentications allows to get remote access without valid SOAP user↗

▶

💬Community

Bugzilla

CVE-2008-1515 otrs SOAP authentications allows to get remote access without valid SOAP user↗2008-04-01

▶