← Back

CVE-2017-16921

nvd nist
Published: Dec 8, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Affected (70)

Products: Otrs: Otrs · Debian: Debian Linux
Otrs
1 product
Otrs
Debian
1 product
Debian Linux
Configuration A
67 vulnerable
Vulnerable SoftwareAffected Versions
Otrs
Otrs
Version 4.0.10
Otrs
Version 4.0.11
Otrs
Version 4.0.12
Otrs
Version 4.0.13
Otrs
Version 4.0.14
Otrs
Version 4.0.15
Otrs
Version 4.0.16
Otrs
Version 4.0.17
Otrs
Version 4.0.18
Otrs
Version 4.0.19
Otrs
Version 4.0.1
Otrs
Version 4.0.20
Otrs
Version 4.0.21
Otrs
Version 4.0.22
Otrs
Version 4.0.23
Otrs
Version 4.0.24
Otrs
Version 4.0.25
Otrs
Version 4.0.26
Otrs
Version 4.0.2
Otrs
Version 4.0.3
Otrs
Version 4.0.4
Otrs
Version 4.0.5
Otrs
Version 4.0.6
Otrs
Version 4.0.7
Otrs
Version 4.0.8
Otrs
Version 4.0.9
Otrs
Version 5.0.0
Otrs
Version 5.0.0 alpha1
Otrs
Version 5.0.0 beta1
Otrs
Version 5.0.0 beta2
Otrs
Version 5.0.0 beta3
Otrs
Version 5.0.0 beta4
Otrs
Version 5.0.0 beta5
Otrs
Version 5.0.0 rc1
Otrs
Version 5.0.10
Otrs
Version 5.0.11
Otrs
Version 5.0.12
Otrs
Version 5.0.13
Otrs
Version 5.0.14
Otrs
Version 5.0.15
Otrs
Version 5.0.16
Otrs
Version 5.0.17
Otrs
Version 5.0.18
Otrs
Version 5.0.19
Otrs
Version 5.0.1
Otrs
Version 5.0.20
Otrs
Version 5.0.21
Otrs
Version 5.0.22
Otrs
Version 5.0.23
Otrs
Version 5.0.24
Otrs
Version 5.0.2
Otrs
Version 5.0.3
Otrs
Version 5.0.4
Otrs
Version 5.0.5
Otrs
Version 5.0.6
Otrs
Version 5.0.7
Otrs
Version 5.0.8
Otrs
Version 5.0.9
Otrs
Version 6.0.0
Otrs
Version 6.0.0 alpha1
Otrs
Version 6.0.0 beta1
Otrs
Version 6.0.0 beta2
Otrs
Version 6.0.0 beta3
Otrs
Version 6.0.0 beta4
Otrs
Version 6.0.0 beta5
Otrs
Version 6.0.0 rc1
Otrs
Version 6.0.1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory

Timeline

No history available yet.