CVE-2017-14635

Description

In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.725

Associated Vulnerability

Vulnerability	OS Platform
otrs2 security update(DSA-4021-1) otrs2_3.3.18-1+deb8u2_all.deb	Linux
otrs2 security update(DSA-4021-1) otrs2_5.0.16-1+deb9u3_all.deb	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234