High severity8.8NVD Advisory· Published Dec 20, 2017· Updated May 13, 2026
CVE-2017-17476
CVE-2017-17476
Description
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66ebnvdPatchThird Party Advisory
- github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fcnvdPatchThird Party Advisory
- github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953nvdPatchThird Party Advisory
- www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/nvdPatchVendor Advisory
- lists.debian.org/debian-lts-announce/2017/12/msg00018.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2017/dsa-4069nvdThird Party Advisory
News mentions
0No linked articles in our index yet.