CVE-2017-16921
- Source
- https://cve.org/CVERecord?id=CVE-2017-16921
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16921.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-16921
- Downstream
- Published
- 2017-12-08T15:29:00.323Z
- Modified
- 2026-03-12T22:37:55.417890Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
- References
-
- http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html
- https://www.debian.org/security/2017/dsa-4066
- https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html
- https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
- https://www.exploit-db.com/exploits/43853/
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0.26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-alpha1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-beta5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.0-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0.24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-alpha1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-beta5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16921.json"