Strix
26.1K

CVE-2017-16854

UnknownEPSS 1.49%

Last modified

CVE-2017-16854 is a vulnerability of currently unknown severity. In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.. EPSS estimates a 1.49% chance of exploitation in the next 30 days.

Description

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

Metrics

EPSS Probability
1.49%

70.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
OtrsOtrs>= 3.3.0, <= 3.3.20
OtrsOtrs> 4.0.0, <= 4.0.26
OtrsOtrs>= 5.0.0, <= 5.0.24
OtrsOtrs>= 6.0.0, <= 6.0.1
DebianDebian Linux7.0
DebianDebian Linux8.0
DebianDebian Linux9.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-16854?
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
How severe is CVE-2017-16854?
Severity scoring for CVE-2017-16854 is pending analysis. The EPSS model estimates a 1.49% probability of exploitation in the next 30 days.
How do I fix CVE-2017-16854?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-16854?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST