CVE-2017-17476
HIGH 8.8 | EPSS 0.91% | otrs2 - security update
Published: 12/20/2017 | Modified: 4/28/2026
Description
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
Affected packages (3)
- Debian/otrs2 from 0, < 6.0.3-1
- Debian/otrs2 from 0, < 3.3.18-1~deb7u3
- Debian/otrs2 from 0, < 3.3.18-1+deb8u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |