Search for vulnerabilities
Vulnerability details: VCID-165a-p14h-aaan
Vulnerability ID VCID-165a-p14h-aaan
Aliases CVE-2017-16921
Summary In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
Status Published
Exploitability 2.0
Weighted Severity 8.1
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16921.html
epss 0.01728 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.01728 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.01728 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.01728 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.02336 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.33869 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.33869 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.33869 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.33869 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
epss 0.34941 https://api.first.org/data/v1/epss?cve=CVE-2017-16921
generic_textual Medium https://bugs.otrs.org/show_bug.cgi?id=13357
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16854
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16921
cvssv2 9.0 https://nvd.nist.gov/vuln/detail/CVE-2017-16921
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16921
generic_textual Medium https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
Reference id Reference type URL
http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16921.html
https://api.first.org/data/v1/epss?cve=CVE-2017-16921
https://bugs.otrs.org/show_bug.cgi?id=13357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16921
https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html
https://www.debian.org/security/2017/dsa-4066
https://www.exploit-db.com/exploits/43853/
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
883774 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883774
cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.20:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.23:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-16921 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/perl/webapps/43853.txt
CVE-2017-16921 https://nvd.nist.gov/vuln/detail/CVE-2017-16921
Data source Exploit-DB
Date added Jan. 21, 2018
Description OTRS 5.0.x/6.0.x - Remote Command Execution (1)
Ransomware campaign use Unknown
Source publication date Jan. 21, 2018
Exploit type webapps
Platform perl
Source update date April 22, 2021
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16921
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16921
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.87538
EPSS Score 0.01728
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.