High severity 8.8 · NVD Advisory · Published Dec 20, 2017 · Updated Jun 17, 2026
CVE-2017-17476
Description
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
Affected products (7)
- Range: <4.0.28, <5.0.26, <6.0.3
References (6)
- github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb (nvd: Patch, Third Party Advisory)
- github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc (nvd: Patch, Third Party Advisory)
- github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 (nvd: Patch, Third Party Advisory)
- www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ (nvd: Patch, Vendor Advisory)
- lists.debian.org/debian-lts-announce/2017/12/msg00018.html (nvd: Mailing List, Third Party Advisory)
- www.debian.org/security/2017/dsa-4069 (nvd: Third Party Advisory)