Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-1433HistoryMar 18, 2011 - 4:55 p.m.
CVE-2011-1433
2011-03-1816:55:01
Debian Security Bug Tracker
security-tracker.debian.org
11
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.001
Percentile
48.4%
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | otrs2 | < 3.0.8+dfsg1-1 | otrs2_3.0.8+dfsg1-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2011-1433
2011-03-18 00:00:00
nvd
nvd
CVE-2011-1433
2011-03-18 16:55:01
cvelist
cvelist
CVE-2011-1433
2011-03-18 16:00:00
prion
prion
Design/Logic Flaw
2011-03-18 16:55:00
openvas
openvas
Open Ticket Request System (OTRS) Information Disclosure Vulnerability
2011-03-25 00:00:00
cve
cve
CVE-2011-1433
2011-03-18 16:55:01
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.001
Percentile
48.4%
Related for DEBIANCVE:CVE-2011-1433