CVE-2011-2385

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

Published: Jul 19, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2385
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
otrs / iphonehandle	0.9.5	0.9.5.x
otrs / iphonehandle	0.9.4	0.9.4.x
otrs / iphonehandle	1.0.2	1.0.2.x
otrs / iphonehandle	1.0.1	1.0.1.x
otrs / iphonehandle	0.9.2	0.9.2.x
otrs / iphonehandle	0.9.3	0.9.3.x
otrs / iphonehandle	0.9.6	0.9.6.x
otrs / otrs	-	-
otrs / iphonehandle	0.9.1	0.9.1.x

http://osvdb.org/73885
http://otrs.org/advisory/OSA-2011-02-en/
http://secunia.com/advisories/45227
http://www.securityfocus.com/bid/48678
https://exchange.xforce.ibmcloud.com/vulnerabilities/68558

Vulnerability Database

289,697

CVE-2011-2385