6.5

CVE-2011-2385

EPSS 0.74%
Published 19.07.2011 20:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Otrs ≫ Iphonehandle Version0.9.1

Otrs ≫ Iphonehandle Version0.9.2

Otrs ≫ Iphonehandle Version0.9.3

Otrs ≫ Iphonehandle Version0.9.4

Otrs ≫ Iphonehandle Version0.9.5

Otrs ≫ Iphonehandle Version0.9.6

Otrs ≫ Iphonehandle Version1.0.1

Otrs ≫ Iphonehandle Version1.0.2

Otrs ≫ Otrs

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.74%	0.721

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://osvdb.org/73885

http://otrs.org/advisory/OSA-2011-02-en/

Patch

Vendor Advisory

http://secunia.com/advisories/45227

Vendor Advisory

http://www.securityfocus.com/bid/48678

https://exchange.xforce.ibmcloud.com/vulnerabilities/68558

https://nvd.nist.gov/vuln/detail/CVE-2011-2385

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2385

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2385

EUVD