CVE-2011-2746

Description

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.

How to fix CVE-2011-2746

To remediate CVE-2011-2746, upgrade the affected package to a fixed version below.

• Debian/otrs2—upgrade to 2.4.7-1 or later

Is CVE-2011-2746 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.4.7-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-2746