Web application abuses : OTRS SOAP Security Bypass Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803947

Categoría: Web application abuses

Título: OTRS SOAP Security Bypass Vulnerability

Resumen: OTRS (Open Ticket Request System) is prone to a security bypass vulnerability.

Descripción: Summary:
OTRS (Open Ticket Request System) is prone to a security bypass vulnerability.

Vulnerability Insight:
An error exists in SOAP interface which
fails to properly validate user credentials before performing certain actions.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to read and modify objects via the OTRS SOAP interface.

Affected Software/OS:
OTRS (Open Ticket Request System)
version 2.1.0 before 2.1.8 and 2.2.0 before 2.2.6

Solution:
Upgrade to OTRS version 2.1.8 or 2.2.6
or later.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1515
BugTraq ID: 28647
http://www.securityfocus.com/bid/28647
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html
http://secunia.com/advisories/29585
http://secunia.com/advisories/29622
http://secunia.com/advisories/29859
SuSE Security Announcement: SUSE-SR:2008:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
XForce ISS Database: otrs-soapinterface-weak-security(41577)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41577

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803947
Categoría:	Web application abuses
Título:	OTRS SOAP Security Bypass Vulnerability
Resumen:	OTRS (Open Ticket Request System) is prone to a security bypass vulnerability.
Descripción:	Summary: OTRS (Open Ticket Request System) is prone to a security bypass vulnerability. Vulnerability Insight: An error exists in SOAP interface which fails to properly validate user credentials before performing certain actions. Vulnerability Impact: Successful exploitation will allow remote attackers to read and modify objects via the OTRS SOAP interface. Affected Software/OS: OTRS (Open Ticket Request System) version 2.1.0 before 2.1.8 and 2.2.0 before 2.2.6 Solution: Upgrade to OTRS version 2.1.8 or 2.2.6 or later. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1515 BugTraq ID: 28647 http://www.securityfocus.com/bid/28647 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html http://secunia.com/advisories/29585 http://secunia.com/advisories/29622 http://secunia.com/advisories/29859 SuSE Security Announcement: SUSE-SR:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html XForce ISS Database: otrs-soapinterface-weak-security(41577) https://exchange.xforce.ibmcloud.com/vulnerabilities/41577
Copyright	Copyright (C) 2013 Greenbone AG