QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16854

Published: Dec 8, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.