6.5

CVE-2011-2385

EPSS 0.74%
Veröffentlicht 19.07.2011 20:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Otrs ≫ Iphonehandle Version0.9.1

Otrs ≫ Iphonehandle Version0.9.2

Otrs ≫ Iphonehandle Version0.9.3

Otrs ≫ Iphonehandle Version0.9.4

Otrs ≫ Iphonehandle Version0.9.5

Otrs ≫ Iphonehandle Version0.9.6

Otrs ≫ Iphonehandle Version1.0.1

Otrs ≫ Iphonehandle Version1.0.2

Otrs ≫ Otrs

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.74%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://osvdb.org/73885

http://otrs.org/advisory/OSA-2011-02-en/

Patch

Vendor Advisory

http://secunia.com/advisories/45227

Vendor Advisory

http://www.securityfocus.com/bid/48678

https://exchange.xforce.ibmcloud.com/vulnerabilities/68558

https://nvd.nist.gov/vuln/detail/CVE-2011-2385

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2385

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2385

EUVD