Main Vulnerability Database Vulnerabilities #VU44770

Input validation error in OTRS - CVE-2011-2746

Published: August 29, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44770

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-2746

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: otrs.org

Affected software:
OTRS

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.

How to mitigate CVE-2011-2746

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html
http://otrs.org/advisory/OSA-2011-03-en/
http://secunia.com/advisories/45701
http://secunia.com/advisories/45894
http://www.osvdb.org/74602
http://www.securityfocus.com/bid/49251

Input validation error in OTRS - CVE-2011-2746

Detailed vulnerability description

How to mitigate CVE-2011-2746

Sources

Please verify you're human