CVE-2017-9324
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-9324
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9324.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-9324
- Related
- Published
- 2017-06-12T06:29:00Z
- Modified
- 2025-01-14T07:19:38.648769Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
- References
Affected packages
Debian:11 / otrs2
Package
- Name
- otrs2
- Purl
- pkg:deb/debian/otrs2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.0.20-1
Affected versions
2.*
2.0.4p01-6
2.0.4p01-7
2.0.4p01-8
2.0.4p01-9
2.0.4p01-10
2.0.4p01-11
2.0.4p01-12
2.0.4p01-13
2.0.4p01-14
2.0.4p01-14.1
2.0.4p01-15
2.0.4p01-16
2.0.4p01-17
2.0.4p01-18
2.0.99beta1-1
2.0.99beta1-2
2.1.1-1
2.1.3-1
2.1.4-1
2.1.4-2
2.1.5-1
2.1.5-2
2.1.5-3
2.1.6-1
2.1.7-1
2.1.7-2
2.2.0~beta2-1
2.2.0~beta3-1
2.2.1-1
2.2.2-1
2.2.3-1
2.2.4-1
2.2.5-1
2.2.5-2
2.2.6-1
2.2.7-1
2.2.7-2
2.2.7-2lenny1
2.2.7-2lenny2
2.2.7-2lenny3
2.2.7-3
2.3.2-1
2.3.2-2
2.3.3-1
2.3.4-1
2.3.4-2
2.3.4-3
2.3.4-4
2.3.4-5
2.3.4-6
2.3.4-7
2.4.5-1
2.4.5-2
2.4.5-3
2.4.5-4
2.4.5-5
2.4.6-1
2.4.6-2
2.4.7-1
2.4.7-2
2.4.7-3
2.4.7-4
2.4.7-5
2.4.7-6
2.4.7+dfsg1-1
2.4.8+dfsg1-1
2.4.9+dfsg1-1
2.4.9+dfsg1-2
2.4.9+dfsg1-3
2.4.9+dfsg1-3+squeeze1
2.4.9+dfsg1-3+squeeze3
2.4.9+dfsg1-3+squeeze4
2.4.9+dfsg1-3+squeeze5
2.4.9+dfsg1-4
2.4.9+dfsg1-5
2.4.10+dfsg1-1
2.4.10+dfsg1-2
2.4.10+dfsg1-3
3.*
3.0.8+dfsg1-1
3.0.9+dfsg1-1
3.0.10+dfsg1-1
3.0.10+dfsg1-2
3.0.11+dfsg1-1
3.1.0~beta4+dfsg1-1
3.1.0~beta5+dfsg1-1
3.1.0~rc1+dfsg1-1
3.1.1+dfsg1-1
3.1.1+dfsg1-2
3.1.2+dfsg1-1
3.1.2+dfsg1-2
3.1.2+dfsg1-3
3.1.3+dfsg1-1
3.1.3+dfsg1-2
3.1.4+dfsg1-1
3.1.5+dfsg1-1
3.1.5+dfsg1-2
3.1.5+dfsg1-3
3.1.6+dfsg1-1
3.1.7+dfsg1-1
3.1.7+dfsg1-2
3.1.7+dfsg1-3
3.1.7+dfsg1-4
3.1.7+dfsg1-5
3.1.7+dfsg1-6
3.1.7+dfsg1-7
3.1.7+dfsg1-8
3.1.8+dfsg1-1
3.1.9+dfsg1-1
3.1.10+dfsg1-1
3.1.11+dfsg1-1
3.1.12+dfsg1-1
3.1.12+dfsg1-2
3.1.12+dfsg1-3
3.2.1+dfsg1-1
3.2.2+dfsg1-1
3.2.3+dfsg1-1
3.2.4-1
3.2.5-1
3.2.6-1
3.2.6-2
3.2.7-1
3.2.7-2
3.2.8-1
3.2.9-1
3.2.9-2
3.2.10-1
3.2.10-2
3.2.11-1~bpo70+1
3.2.11-1
3.2.12-1
3.3.1-1
3.3.2-1
3.3.3-1
3.3.3-2
3.3.3-3
3.3.4-1
3.3.5-1
3.3.6-1
3.3.7-1
3.3.7-2
3.3.8-1
3.3.9-1
3.3.9-2
3.3.9-3~bpo70+1
3.3.9-3
3.3.10-1
3.3.11-1
3.3.18-1~deb7u1
3.3.18-1~deb7u2
3.3.18-1~deb7u3
4.*
4.0.5-1
4.0.5-2
4.0.6-1
4.0.7-1
4.0.7-2
4.0.8-1
4.0.9-1
4.0.10-1
4.0.11-1
4.0.12-1
4.0.13-1~bpo8+1
4.0.13-1
5.*
5.0.1-1
5.0.1-2
5.0.2-1
5.0.3-1
5.0.5-1
5.0.6-1~bpo8+1
5.0.6-1
5.0.7-1
5.0.8-1~bpo8+1
5.0.8-1
5.0.8+dfsg1-1
5.0.9+dfsg1-1
5.0.9+repack1-1
5.0.10-1~bpo8+1
5.0.10-1
5.0.11-1
5.0.12-1
5.0.13-1~bpo8+1
5.0.13-1
5.0.13-2
5.0.14-1~bpo8+1
5.0.14-1
5.0.15-1
5.0.16-1~bpo8+1
5.0.16-1
5.0.17-1
5.0.18-1
5.0.19-1
Git / github.com/otrs/otrs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/otrs/otrs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affected
Affected versions
Other
rel-1_0_0-RC1
rel-1_0_0-RC2
rel-1_0_0-RC3
rel-1_0_0_rc1
rel-1_0_0_rc2
rel-1_0_0_rc3
rel-1_1_0-RC1
rel-1_1_0-RC2
rel-1_1_0_rc1
rel-1_1_0_rc2
rel-1_2_0-b1
rel-1_2_0-b2
rel-1_2_0-b3
rel-1_2_0_beta1
rel-1_2_0_beta2
rel-1_2_0_beta3
rel-1_2_1
rel-2_0_0-b1
rel-2_0_0_beta1
rel-2_0_1
rel-2_0_2
rel-2_0_3
rel-2_1_0-b1
rel-2_1_0-b2
rel-2_1_0_beta1
rel-2_1_0_beta2
rel-2_1_1
rel-2_1_2
rel-2_1_3
rel-2_2_0-b1
rel-2_2_0-b2
rel-2_2_0-b3
rel-2_2_0-b4
rel-2_2_0_beta1
rel-2_2_0_beta2
rel-2_2_0_beta3
rel-2_2_0_beta4
rel-2_2_1
rel-2_2_2
rel-2_3_1
rel-2_3_2
rel-2_4_0-b2
rel-2_4_0-b3
rel-2_4_0-b4
rel-2_4_0-b6
rel-2_4_0_beta2
rel-2_4_0_beta3
rel-2_4_0_beta4
rel-2_4_0_beta6
rel-2_4_1
rel-2_4_2
rel-2_4_3
rel-2_4_4
rel-3_0_0-b2
rel-3_0_0-b3
rel-3_0_0-b4
rel-3_0_0-b5
rel-3_0_0-b7
rel-3_0_0_beta2
rel-3_0_0_beta3
rel-3_0_0_beta4
rel-3_0_0_beta5
rel-3_0_0_beta7
rel-3_0_1
rel-3_0_2
rel-3_0_3
rel-3_0_4
rel-3_1_0-b1
rel-3_1_0-b3
rel-3_1_0-b4
rel-3_1_0-b5
rel-3_1_0-rc1
rel-3_1_0_beta1
rel-3_1_0_beta3
rel-3_1_0_beta4
rel-3_1_0_beta5
rel-3_1_0_rc1
rel-3_1_2
rel-3_1_4
rel-3_2_0_beta1
rel-3_2_0_beta2
rel-3_2_0_beta3
rel-3_2_0_beta4
rel-3_2_0_beta5
rel-3_2_0_rc1
rel-3_2_1
rel-3_2_2
rel-3_2_3
rel-3_2_4
rel-3_3_0_beta1
rel-3_3_0_beta2
rel-3_3_0_beta3
rel-3_3_0_beta4
rel-3_3_0_beta5
rel-3_3_0_rc1
rel-3_3_1
rel-3_3_10
rel-3_3_11
rel-3_3_12
rel-3_3_13
rel-3_3_14
rel-3_3_15
rel-3_3_16
rel-3_3_2
rel-3_3_3
rel-3_3_4
rel-3_3_5
rel-3_3_6
rel-3_3_7
rel-3_3_8
rel-3_3_9
rel-4_0_0_beta1
rel-4_0_0_beta2
rel-4_0_0_beta3
rel-4_0_0_beta4
rel-4_0_0_beta5
rel-4_0_0_rc1
rel-4_0_1
rel-4_0_10
rel-4_0_11
rel-4_0_12
rel-4_0_13
rel-4_0_14
rel-4_0_15
rel-4_0_16
rel-4_0_17
rel-4_0_18
rel-4_0_19
rel-4_0_2
rel-4_0_20
rel-4_0_21
rel-4_0_22
rel-4_0_23
rel-4_0_3
rel-4_0_4
rel-4_0_5
rel-4_0_6
rel-4_0_7
rel-4_0_8
rel-4_0_9
rel-5_0_0_alpha1
rel-5_0_0_beta1
rel-5_0_0_beta2
rel-5_0_0_beta3
rel-5_0_0_beta4
rel-5_0_0_beta5
rel-5_0_0_rc1
rel-5_0_1
rel-5_0_10
rel-5_0_11
rel-5_0_12
rel-5_0_13
rel-5_0_14
rel-5_0_15
rel-5_0_16
rel-5_0_17
rel-5_0_18
rel-5_0_19
rel-5_0_2
rel-5_0_3
rel-5_0_4
rel-5_0_5
rel-5_0_6
rel-5_0_7
rel-5_0_8
rel-5_0_9