VYPR
High severity8.8NVD Advisory· Published Dec 20, 2017· Updated Jun 17, 2026

CVE-2017-17476

CVE-2017-17476

Description

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

Affected products

7
  • OTRS/Otrsreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*range: >=4.0.0,<4.0.28
    • (no CPE)range: <4.0.28, <5.0.26, <6.0.3
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • Range: <4.0.28, <5.0.26, <6.0.3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.