Vulnerability Name: CVE-2011-2385 (CCN-68558)
Assigned: 2011-07-12
Published: 2011-07-12
Updated: 2017-08-29
Summary: The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
CVSS v3 Severity:
  4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
  4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
  Source: MITRE Type: CNA CVE-2011-2385
  Source: OSVDB Type: UNKNOWN 73885
  Source: CCN Type: OSA-2011-02 Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation
  Source: CONFIRM Type: Patch, Vendor Advisory http://otrs.org/advisory/OSA-2011-02-en/
  Source: CCN Type: SA45227 OTRS iPhoneHandle Package Privilege Escalation Vulnerability
  Source: SECUNIA Type: Vendor Advisory 45227
  Source: CCN Type: OSVDB ID: 73885 OTRS (Open Ticket Request System) iPhoneHandle Package Interface Unspecified Remote Privilege Escalation
  Source: BID Type: UNKNOWN 48678
  Source: CCN Type: BID-48678 OTRS iPhoneHandle (CVE-2011-2385) Unspecified Privilege Escalation Vulnerability
  Source: XF Type: UNKNOWN otrs-iphonehandle-priv-escalation(68558)
Vulnerable Configuration: Configuration 1: