High severity 8.8 · NVD Advisory · Published Dec 8, 2017 · Updated Jun 17, 2026
CVE-2017-16921
Description
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
Affected products
- cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*
- (no CPE) range: 6.0.x up to and including 6.0.1, 5.0.x up to and including 5.0.24, and 4.0.x up to and including 4.0.26
References
- www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ (nvd: Issue Tracking, Patch, Vendor Advisory)
- www.exploit-db.com/exploits/43853/ (nvd: Exploit, Third Party Advisory, VDB Entry)
- lists.debian.org/debian-lts-announce/2017/12/msg00015.html (nvd: Mailing List, Third Party Advisory)
- www.debian.org/security/2017/dsa-4066 (nvd: Mailing List, Third Party Advisory)
- packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html (nvd)