Lucene search

[email protected]CVE-2008-1515

HistoryApr 01, 2008 - 5:44 p.m.

CVE-2008-1515

2008-04-0117:44:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-1515

otrs

soap interface

remote attackers

security vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to “read and modify objects” via SOAP requests, related to “Missing security checks.”

Affected configurations

NVD

Node

otrsotrsRange2.1.0–2.1.8

otrsotrsRange2.2.0–2.2.6

CPENameOperatorVersion
otrs:otrsotrslt2.1.8
otrs:otrsotrslt2.2.6

CPE	Name	Operator	Version
otrs:otrs	otrs	lt	2.1.8
otrs:otrs	otrs	lt	2.2.6

References

lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

otrs.org/advisory/OSA-2008-01-en/

secunia.com/advisories/29585

secunia.com/advisories/29622

secunia.com/advisories/29859

www.securityfocus.com/bid/28647

exchange.xforce.ibmcloud.com/vulnerabilities/41577

www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for CVE-2008-1515

nessus3 debiancve1 prion1 redhatcve1 openvas3 fedora1 ubuntucve1 cvelist1 nvd1