CVE-2010-4764
EPSS 0.30%
Description
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
How to fix CVE-2010-4764
To remediate CVE-2010-4764, upgrade the affected package to a fixed version below.
- Debian/otrs2—upgrade to 2.4.10+dfsg1-1 or later
Is CVE-2010-4764 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.4.10+dfsg1-1