Vulnerability Details : CVE-2011-2746
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.
Products affected by CVE-2011-2746
- cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2746
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2746
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
References for CVE-2011-2746
-
http://www.securityfocus.com/bid/49251
OTRS 'AdminPackageManager.pm' Local File Disclosure Vulnerability
-
http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html
openSUSE-SU-2011:1017-1: moderate: otrs
-
http://otrs.org/advisory/OSA-2011-03-en/
404 Page | OTRSVendor Advisory
Jump to