cbcvebase.
CVE-2011-1433
published 2011-03-18

CVE-2011-1433: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data…

PriorityP420medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.47%
70.4th percentile
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.

Affected

71 ranges· showing 25
VendorProductVersion rangeFixed in
debianotrs2< otrs2 3.0.8+dfsg1-1 (bullseye)otrs2 3.0.8+dfsg1-1 (bullseye)
otrsotrs<= 3.0.5
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.