CVE-2017-14635

HIGH

OTRS <3.3.18-5.0.23 - Privilege Escalation

Title source: llm
STIX 2.1

Description

In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4021

Scores

CVSS v3 8.8
EPSS 0.0192
EPSS Percentile 77.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (39)
otrs/otrs 3.3.0 (7 CPE variants)
otrs/otrs 3.3.1
otrs/otrs 3.3.2
otrs/otrs 3.3.3
otrs/otrs 3.3.4
otrs/otrs 3.3.5
otrs/otrs 3.3.6
otrs/otrs 3.3.7
otrs/otrs 3.3.8
otrs/otrs 3.3.9
... and 29 more
Published Sep 21, 2017
Tracked Since Feb 18, 2026