CVE-2011-1433 — Otrs vulnerability

CWE-3105 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 41.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 3.0.8+dfsg1-1 (bullseye)

▶NVDotrs/otrs3.0.5+69

Patches

Patch: bugs.otrs.org ↗Patch: bugs.otrs.org ↗

🔴Vulnerability Details

GHSA

GHSA-8pwh-g3mh-g2qj: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3↗2022-05-17

▶

OSV

CVE-2011-1433: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2011-1433: otrs2 - The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Reque...↗2011

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶