CVE-2008-1515

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."

Published Bycve@mitre.org

Published DateApr 01, 2008, 17:44

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

6.4

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE

References

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://otrs.org/advisory/OSA-2008-01-en/
http://secunia.com/advisories/29585
http://secunia.com/advisories/29622
http://secunia.com/advisories/29859
http://www.securityfocus.com/bid/28647
https://exchange.xforce.ibmcloud.com/vulnerabilities/41577
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

6.4

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE