Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2011-2385
Last Modified 06 Sep 2011 11:17:23
Published 19 Jul 2011 04:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-2385

Summary

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

Vulnerable Systems

Application

  • Otrs

  • Otrs Iphonehandle 0.9.1

  • Otrs Iphonehandle 0.9.2

  • Otrs Iphonehandle 0.9.3

  • Otrs Iphonehandle 0.9.4

  • Otrs Iphonehandle 0.9.5

  • Otrs Iphonehandle 0.9.6

  • Otrs Iphonehandle 1.0.1

  • Otrs Iphonehandle 1.0.2


References

CONFIRM - http://otrs.org/advisory/OSA-2011-02-en/

XF - otrs-iphonehandle-priv-escalation(68558)

BID - 48678

SECUNIA - 45227

OSVDB - 73885


Last Updated: 27 May 2016 10:57:00