CVE-2011-1433
published 2011-03-18CVE-2011-1433: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data…
PriorityP420medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.47%
70.4th percentile
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
Affected
71 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 3.0.8+dfsg1-1 (bullseye) | otrs2 3.0.8+dfsg1-1 (bullseye) |
| otrs | otrs | <= 3.0.5 | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8pwh-g3mh-g2qj: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3
ghsa_unreviewed·2022-05-17
CVE-2011-1433 [MEDIUM] GHSA-8pwh-g3mh-g2qj: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
OSV
CVE-2011-1433: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3
osv·2011-03-18·CVSS 5.0
CVE-2011-1433 [MEDIUM] CVE-2011-1433: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
Debian
CVE-2011-1433: otrs2 - The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Reque...
vendor_debian·2011·CVSS 5.0
CVE-2011-1433 [MEDIUM] CVE-2011-1433: otrs2 - The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Reque...
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
Scope: local
bullseye: resolved (fixed in 3.0.8+dfsg1-1)
No detection rules found.
No public exploits indexed.
http://bugs.otrs.org/show_bug.cgi?id=6878http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807https://exchange.xforce.ibmcloud.com/vulnerabilities/66196http://bugs.otrs.org/show_bug.cgi?id=6878http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807https://exchange.xforce.ibmcloud.com/vulnerabilities/66196
2011-03-18
Published