Lucene search
GoogleOSV:CVE-2017-16664HistoryNov 21, 2017 - 2:29 p.m.
CVE-2017-16664
2017-11-2114:29:00
Google
osv.dev
4
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| otrs | eq | rel-2_0_0-b1 | |
| otrs | eq | rel-2_2_1 | |
| otrs | eq | rel-2_2_0_beta1 | |
| otrs | eq | rel-1_1_0_rc2 | |
| otrs | eq | rel-3_3_11 | |
| otrs | eq | rel-3_0_0-b5 | |
| otrs | eq | rel-2_2_0_beta3 | |
| otrs | eq | rel-1_2_0_beta1 | |
| otrs | eq | rel-2_4_1 | |
| otrs | eq | rel-3_1_0_beta4 |
Related
openvas
openvas
Debian: Security Advisory (DSA-4047-1)
2017-11-22 00:00:00
OTRS RCE Vulnerability
2017-11-24 00:00:00
openSUSE: Security Advisory for otrs (openSUSE-SU-2017:3054-1)
2017-11-24 00:00:00
cve
cve
CVE-2017-16664
2017-11-21 14:29:00
osv
osv
otrs2 - security update
2017-11-23 00:00:00
otrs2 - security update
2017-12-19 00:00:00
cvelist
cvelist
CVE-2017-16664
2017-11-21 14:00:00
nvd
nvd
CVE-2017-16664
2017-11-21 14:29:00
debiancve
debiancve
CVE-2017-16664
2017-11-21 14:29:00
ubuntucve
ubuntucve
CVE-2017-16664
2017-11-21 00:00:00
prion
prion
Code injection
2017-11-21 14:29:00
nessus
nessus
OTRS Authenticated Remote Code Execution (OSA-2017-07)
2017-12-11 00:00:00
openSUSE Security Update : otrs (openSUSE-2017-1291)
2017-11-27 00:00:00
Debian DSA-4047-1 : otrs2 - security update
2017-11-27 00:00:00
debian
debian
[SECURITY] [DSA 4047-1] otrs2 security update
2017-11-23 22:09:39
[SECURITY] [DLA 1212-1] otrs2 security update
2017-12-19 20:42:01
suse
suse
Security update for otrs (important)
2017-11-23 18:09:38
freebsd
freebsd
OTRS -- Multiple vulnerabilities
2017-11-21 00:00:00