Home > Vulnerability Database > CVE-2017-17476

Mend.io Vulnerability Database

CVE-2017-17476

Date: December 20, 2017

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

Language: Perl

Severity Score

8.8

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-17476

Url: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc

Url: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/

Url: https://www.debian.org/security/2017/dsa-4069

Url: https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html

Url: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953

Url: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb

Url: https://security-tracker.debian.org/tracker/CVE-2017-17476

Url: https://www.mend.io/vulnerability-database/CVE-2017-17476

Severity Score

8.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-17476

Date: December 20, 2017

Language: Perl

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?