Oval Definition:oval:org.opensuse.security:def:201716664
Revision Date:2019-09-27Version:1
Title:CVE-2017-16664
Description:

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-16664
Platform(s):openSUSE Leap 42.2
openSUSE Leap 42.3
Product(s):
Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • otrs-3.3.20-5.11.1 is installed
  • AND otrs is signed with openSUSE key
  • OR
  • otrs-doc-3.3.20-5.11.1 is installed
  • AND otrs-doc is signed with openSUSE key
  • OR
  • otrs-itsm-3.3.14-5.11.1 is installed
  • AND otrs-itsm is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • otrs-3.3.20-14 is installed
  • AND otrs is signed with openSUSE key
  • OR
  • otrs-doc-3.3.20-14 is installed
  • AND otrs-doc is signed with openSUSE key
  • OR
  • otrs-itsm-3.3.14-14 is installed
  • AND otrs-itsm is signed with openSUSE key
    • BACK