CVE-2008-1515

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
otrsotrs
2.1.0 ≤
𝑥
< 2.1.8
otrsotrs
2.2.0 ≤
𝑥
< 2.2.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
otrs2
bullseye/non-free
6.0.32-6
fixed
etch
not-affected
sarge
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
otrs
gutsy
dne
feisty
not-affected
edgy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://otrs.org/advisory/OSA-2008-01-en/
http://secunia.com/advisories/29585
http://secunia.com/advisories/29622
http://secunia.com/advisories/29859
http://www.securityfocus.com/bid/28647
https://exchange.xforce.ibmcloud.com/vulnerabilities/41577
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://otrs.org/advisory/OSA-2008-01-en/
http://secunia.com/advisories/29585
http://secunia.com/advisories/29622
http://secunia.com/advisories/29859
http://www.securityfocus.com/bid/28647
https://exchange.xforce.ibmcloud.com/vulnerabilities/41577
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html