CVE-2017-14635 — Improper Input Validation in Otrs

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedSep 21

Latest updateMay 13

Description

In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 5.0.23-1 (bullseye)

▶NVDotrs/otrs66 versions+65

🔴Vulnerability Details

GHSA

GHSA-7r29-5mg8-c6rc: In Open Ticket Request System (OTRS) 3↗2022-05-13

▶

OSV

CVE-2017-14635: In Open Ticket Request System (OTRS) 3↗2017-09-21

▶

📋Vendor Advisories

Debian

CVE-2017-14635: otrs2 - In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and...↗2017

▶