Vulnerability Details : CVE-2011-2385
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2011-2385
Probability of exploitation activity in the next 30 days: 0.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 %
CVSS scores for CVE-2011-2385
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
CWE ids for CVE-2011-2385
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2385
- http://otrs.org/advisory/OSA-2011-02-en/
  Patch; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68558
  iPhoneHandle package for OTRS privilege escalation CVE-2011-2385 Vulnerability Report
- http://www.securityfocus.com/bid/48678
  OTRS iPhoneHandle (CVE-2011-2385) Unspecified Privilege Escalation Vulnerability
Products affected by CVE-2011-2385
- cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:iphonehandle:0.9.3:*:*:*:*:*:*:*