CVE-2011-2385

Name	CVE-2011-2385
Description	The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
otrs2 (PTS)	buster/non-free	6.0.16-2	fixed
	buster/non-free (security)	6.0.16-2+deb10u1	fixed
	bullseye/non-free	6.0.32-6	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
otrs2	source	(unstable)	(not affected)

- otrs2 <not-affected> (does not include iPhoneHandle package)