Vulnerabilites related to otrs - otrs
CVE-2019-13457 (GCVE-0-2019-13457)
Vulnerability from cvelistv5
Published
2020-03-10 17:16
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their \"company\" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T14:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their \"company\" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.otrs.com/category/release-and-security-notes-en/",
"refsource": "MISC",
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/"
},
{
"name": "openSUSE-SU-2020:0551",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13457",
"datePublished": "2020-03-10T17:16:25",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2080 (GCVE-0-2010-2080)
Vulnerability from cvelistv5
Published
2010-09-20 20:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-unspecified-xss(61868)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-unspecified-xss(61868)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43264"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-2080",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41381"
},
{
"name": "http://otrs.org/advisory/OSA-2010-02-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-unspecified-xss(61868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43264"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2080",
"datePublished": "2010-09-20T20:00:00",
"dateReserved": "2010-05-26T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23794 (GCVE-0-2024-23794)
Vulnerability from cvelistv5
Published
2024-07-15 07:14
Modified
2024-08-01 23:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:46:31.889829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:27:36.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"inline editing"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.4.x",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\u003cbr\u003e\u003ch2\u003e\u003cbr\u003e\u003c/h2\u003e\u003cbr\u003e"
}
],
"value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\n\n"
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.\u003cp\u003eThis issue affects OTRS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e8.0.X\u003c/li\u003e\u003cli\u003e2023.X\u003c/li\u003e\u003cli\u003efrom 2024.X through 2024.4.x\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T10:41:01.694Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.5.2\u003cbr\u003e"
}
],
"value": "Update to OTRS 2024.5.2\n"
}
],
"source": {
"advisory": "OSA-2024-06",
"defect": [
"Issue#2409",
"Ticket#2024042342000433"
],
"discovery": "USER"
},
"title": "Agents are able to lock the ticket without the \"Owner\" permission",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\u003cbr\u003e"
}
],
"value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23794",
"datePublished": "2024-07-15T07:14:09.557Z",
"dateReserved": "2024-01-22T10:32:00.705Z",
"dateUpdated": "2024-08-01T23:13:07.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36093 (GCVE-0-2021-36093)
Vulnerability from cvelistv5
Published
2021-09-06 13:15
Modified
2024-09-16 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-185 - Incorrect Regular Expression
Summary
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.28",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.15",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alberto Molina"
}
],
"datePublic": "2021-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185 Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T13:15:23",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.16, OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-16",
"defect": [
"2021070842000819"
],
"discovery": "USER"
},
"title": "DoS attack using PostMaster filters",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-09-06T00:00:00.000Z",
"ID": "CVE-2021-36093",
"STATE": "PUBLIC",
"TITLE": "DoS attack using PostMaster filters"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.28"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.15"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alberto Molina"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It\u0027s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-185 Incorrect Regular Expression"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.16, OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-16",
"defect": [
"2021070842000819"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36093",
"datePublished": "2021-09-06T13:15:24.049964Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-16T20:36:38.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9324 (GCVE-0-2017-9324)
Vulnerability from cvelistv5
Published
2017-06-12 06:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
},
{
"name": "DSA-3876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
},
{
"name": "DSA-3876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/",
"refsource": "MISC",
"url": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
},
{
"name": "DSA-3876",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3876"
},
{
"name": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9324",
"datePublished": "2017-06-12T06:00:00",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9299 (GCVE-0-2017-9299)
Vulnerability from cvelistv5
Published
2017-05-29 19:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-23T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9299",
"datePublished": "2017-05-29T19:00:00",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1694 (GCVE-0-2014-1694)
Vulnerability from cvelistv5
Published
2014-02-04 16:00
Modified
2024-08-06 09:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"name": "56655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56655"
},
{
"name": "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"name": "56644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=10099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-25T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "102632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"name": "56655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56655"
},
{
"name": "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"name": "56644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=10099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102632",
"refsource": "OSVDB",
"url": "http://osvdb.org/102632"
},
{
"name": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
},
{
"name": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"name": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"name": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"name": "56655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56655"
},
{
"name": "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"name": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"name": "56644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=10099",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=10099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1694",
"datePublished": "2014-02-04T16:00:00",
"dateReserved": "2014-01-29T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36095 (GCVE-0-2021-36095)
Vulnerability from cvelistv5
Published
2021-09-06 13:15
Modified
2024-09-16 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < unspecified |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-18/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.28",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Malicious attacker is able to find out valid user logins by using the \"lost password\" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T13:15:27",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-18/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-18",
"defect": [
"2021062442001389"
],
"discovery": "USER"
},
"title": "User enumeration issue using \"lost password\" feature",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-09-06T00:00:00.000Z",
"ID": "CVE-2021-36095",
"STATE": "PUBLIC",
"TITLE": "User enumeration issue using \"lost password\" feature"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "6.0.1"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.28"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious attacker is able to find out valid user logins by using the \"lost password\" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-18/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-18/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-18",
"defect": [
"2021062442001389"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36095",
"datePublished": "2021-09-06T13:15:27.220553Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-16T17:58:45.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36094 (GCVE-0-2021-36094)
Vulnerability from cvelistv5
Published
2021-09-06 13:15
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-17/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.28",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T13:15:25",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-17/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-17",
"defect": [
"2021062442001352"
],
"discovery": "USER"
},
"title": "XSS attack in appointment edit popup screen",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-09-06T00:00:00.000Z",
"ID": "CVE-2021-36094",
"STATE": "PUBLIC",
"TITLE": "XSS attack in appointment edit popup screen"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.28"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It\u0027s possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-17/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-17/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-17",
"defect": [
"2021062442001352"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36094",
"datePublished": "2021-09-06T13:15:25.712091Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-16T19:09:09.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39050 (GCVE-0-2022-39050)
Vulnerability from cvelistv5
Published
2022-09-05 06:40
Modified
2024-09-16 19:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x < Version: 8.0.x < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.36",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.24",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Aleksey Solovev for reporting these vulnerability."
}
],
"datePublic": "2022-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T06:40:11",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-11/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.37 or OTRS 8.0.25."
}
],
"source": {
"advisory": "OSA-2022-11",
"defect": [
"2022062842001012"
],
"discovery": "EXTERNAL"
},
"title": "Possible XSS stored in customer information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-09-05T07:00:00.000Z",
"ID": "CVE-2022-39050",
"STATE": "PUBLIC",
"TITLE": "Possible XSS stored in customer information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.36"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.24"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Aleksey Solovev for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-11/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-11/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.37 or OTRS 8.0.25."
}
],
"source": {
"advisory": "OSA-2022-11",
"defect": [
"2022062842001012"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-39050",
"datePublished": "2022-09-05T06:40:11.972213Z",
"dateReserved": "2022-08-31T00:00:00",
"dateUpdated": "2024-09-16T19:24:11.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7279 (GCVE-0-2008-7279)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-17 01:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3103",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3103"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7279",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:37.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21441 (GCVE-0-2021-21441)
Vulnerability from cvelistv5
Published
2021-06-16 09:50
Modified
2024-09-16 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-11/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.26",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a XSS vulnerability in the ticket overview screens. It\u0027s possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn\u0027t require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:27.744989",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-11/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.27."
}
],
"source": {
"advisory": "OSA-2021-11",
"defect": [
"2021042142004313"
],
"discovery": "EXTERNAL"
},
"title": "XSS in the ticket overview screens",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21441",
"datePublished": "2021-06-16T09:50:11.263977Z",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-09-16T16:23:02.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6540 (GCVE-0-2024-6540)
Vulnerability from cvelistv5
Published
2024-07-15 07:13
Modified
2024-08-01 21:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-790 - Improper Filtering of Special Elements
Summary
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:10:12.804749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:10:28.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"External interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.4.x",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\u003c/p\u003e"
}
],
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\nThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T10:41:47.335Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.5.2\u003cbr\u003e"
}
],
"value": "Update to OTRS 2024.5.2\n"
}
],
"source": {
"advisory": "OSA-2024-07",
"defect": [
"Issue##2638",
"Ticket#2024070142001245"
],
"discovery": "USER"
},
"title": "Information exlosure in external interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Have TicketSearchLegacyEngine enabled\u003cbr\u003e"
}
],
"value": "Have TicketSearchLegacyEngine enabled\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-6540",
"datePublished": "2024-07-15T07:13:49.918Z",
"dateReserved": "2024-07-08T07:35:49.064Z",
"dateUpdated": "2024-08-01T21:41:03.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7281 (GCVE-0-2008-7281)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=1882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=1882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=2814",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2814"
},
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=1882",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=1882"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7281",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:52.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39049 (GCVE-0-2022-39049)
Vulnerability from cvelistv5
Published
2022-09-05 06:40
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x < Version: 8.0.x < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.36",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.24",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Aleksey Solovev for reporting these vulnerability."
}
],
"datePublic": "2022-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T06:40:10",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-10/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.37 or OTRS 8.0.25."
}
],
"source": {
"advisory": "OSA-2022-10",
"defect": [
"2022062842001012"
],
"discovery": "EXTERNAL"
},
"title": "Possible XSS in Admin Interface",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-09-05T07:00:00.000Z",
"ID": "CVE-2022-39049",
"STATE": "PUBLIC",
"TITLE": "Possible XSS in Admin Interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.36"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.24"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Aleksey Solovev for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-10/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-10/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.37 or OTRS 8.0.25."
}
],
"source": {
"advisory": "OSA-2022-10",
"defect": [
"2022062842001012"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-39049",
"datePublished": "2022-09-05T06:40:11.053227Z",
"dateReserved": "2022-08-31T00:00:00",
"dateUpdated": "2024-09-16T23:10:38.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9892 (GCVE-0-2019-9892)
Vulnerability from cvelistv5
Published
2019-05-21 23:17
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T14:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html"
},
{
"name": "https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9892",
"datePublished": "2019-05-21T23:17:49",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3551 (GCVE-0-2013-3551)
Vulnerability from cvelistv5
Published
2020-02-21 15:35
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-21T15:35:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2013-0196.html",
"refsource": "MISC",
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3551",
"datePublished": "2020-02-21T15:35:41",
"dateReserved": "2013-05-16T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4761 (GCVE-0-2010-4761)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 22:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5875"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5875"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=5875",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=5875"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4761",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:10.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5421 (GCVE-0-2023-5421)
Vulnerability from cvelistv5
Published
2023-10-16 08:10
Modified
2024-09-16 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs
immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x Version: 8.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:53:50.683230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:55:01.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003c/p\u003e"
}
],
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:55.114Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or OTRS 8.0.37.\n\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.47 or OTRS 8.0.37.\n\n"
}
],
"source": {
"advisory": "OSA-2023-09",
"defect": [
"Issue#1214",
"Ticket#2023080742002233"
],
"discovery": "EXTERNAL"
},
"title": " Possible XSS execution in customer information ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Switch AdminCustomerUser::UseAutoComplete off\u003cbr\u003e"
}
],
"value": "Switch AdminCustomerUser::UseAutoComplete off\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-5421",
"datePublished": "2023-10-16T08:10:55.114Z",
"dateReserved": "2023-10-05T08:12:09.849Z",
"dateUpdated": "2024-09-16T16:55:01.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2553 (GCVE-0-2014-2553)
Vulnerability from cvelistv5
Published
2014-04-02 14:00
Modified
2024-08-06 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-04-xss-issue"
},
{
"name": "openSUSE-SU-2014:0561",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-04-xss-issue"
},
{
"name": "openSUSE-SU-2014:0561",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57616"
},
{
"name": "https://www.otrs.com/security-advisory-2014-04-xss-issue",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-04-xss-issue"
},
{
"name": "openSUSE-SU-2014:0561",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2553",
"datePublished": "2014-04-02T14:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10066 (GCVE-0-2019-10066)
Vulnerability from cvelistv5
Published
2019-05-21 23:23
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-21T23:23:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10066",
"datePublished": "2019-05-21T23:23:15",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7282 (GCVE-0-2008-7282)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=2696",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2696"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7282",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T20:27:21.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21435 (GCVE-0-2021-21435)
Vulnerability from cvelistv5
Published
2021-02-08 10:55
Modified
2024-09-16 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-02/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.23",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.10",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "L\u00e1szl\u00f3 Gyaraki"
}
],
"datePublic": "2021-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T10:55:19",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-02/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.11 or OTRS 7.0.24."
}
],
"source": {
"advisory": "OSA-2021-02",
"defect": [
"2020111942002059"
],
"discovery": "INTERNAL"
},
"title": "Information exposure in PDF export",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-02-08T00:00:00.000Z",
"ID": "CVE-2021-21435",
"STATE": "PUBLIC",
"TITLE": "Information exposure in PDF export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.23"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.10"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "L\u00e1szl\u00f3 Gyaraki"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-02/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-02/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.11 or OTRS 7.0.24."
}
],
"source": {
"advisory": "OSA-2021-02",
"defect": [
"2020111942002059"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21435",
"datePublished": "2021-02-08T10:55:19.651769Z",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-09-16T22:35:33.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2385 (GCVE-0-2011-2385)
Vulnerability from cvelistv5
Published
2011-07-19 20:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/73885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2011-02-en/"
},
{
"name": "otrs-iphonehandle-priv-escalation(68558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558"
},
{
"name": "48678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48678"
},
{
"name": "45227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "73885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/73885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2011-02-en/"
},
{
"name": "otrs-iphonehandle-priv-escalation(68558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558"
},
{
"name": "48678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48678"
},
{
"name": "45227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73885",
"refsource": "OSVDB",
"url": "http://osvdb.org/73885"
},
{
"name": "http://otrs.org/advisory/OSA-2011-02-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2011-02-en/"
},
{
"name": "otrs-iphonehandle-priv-escalation(68558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558"
},
{
"name": "48678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48678"
},
{
"name": "45227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2385",
"datePublished": "2011-07-19T20:00:00",
"dateReserved": "2011-06-05T00:00:00",
"dateUpdated": "2024-08-06T23:00:33.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1004 (GCVE-0-2022-1004)
Vulnerability from cvelistv5
Published
2022-03-21 09:15
Modified
2024-09-17 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.32",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.19",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Jasmin Hammes for reporting these vulnerability."
}
],
"datePublic": "2022-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T09:15:52",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-06/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.33 and OTRS 8.0.20."
}
],
"source": {
"advisory": "OSA-2022-06",
"defect": [
"2022011442000647"
],
"discovery": "USER"
},
"title": "Information disclosure in the External Interface",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-03-21T09:00:00.000Z",
"ID": "CVE-2022-1004",
"STATE": "PUBLIC",
"TITLE": "Information disclosure in the External Interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.32"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.19"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Jasmin Hammes for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-06/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-06/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.33 and OTRS 8.0.20."
}
],
"source": {
"advisory": "OSA-2022-06",
"defect": [
"2022011442000647"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-1004",
"datePublished": "2022-03-21T09:15:52.322368Z",
"dateReserved": "2022-03-17T00:00:00",
"dateUpdated": "2024-09-17T02:32:38.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17883 (GCVE-0-2018-17883)
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2025-02-06 16:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-17883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:24:58.519315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:26:11.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"url": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17883",
"datePublished": "2023-04-15T00:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2025-02-06T16:26:11.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4767 (GCVE-0-2010-4767)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3426",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3426"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4767",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:10.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4088 (GCVE-0-2013-4088)
Vulnerability from cvelistv5
Published
2020-02-21 15:48
Modified
2024-08-06 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/60688/discuss"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-21T15:48:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/60688/discuss"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2013-0196.html",
"refsource": "MISC",
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"name": "https://www.securityfocus.com/bid/60688/discuss",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/60688/discuss"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4088",
"datePublished": "2020-02-21T15:48:13",
"dateReserved": "2013-06-10T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5422 (GCVE-0-2023-5422)
Vulnerability from cvelistv5
Published
2023-10-16 08:10
Modified
2024-09-16 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the
SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate
satisfies all necessary security requirements.
This could allow an
attacker to use an invalid certificate to claim to be a trusted host,
use expired certificates, or conduct other attacks that could be
detected if the certificate is properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x Version: 8.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:otrs_ag:otrs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otrs",
"vendor": "otrs_ag",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:otrs_community_edition:otrs_community_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otrs_community_edition",
"vendor": "otrs_community_edition",
"versions": [
{
"lessThan": "6.0.34",
"status": "affected",
"version": "6.0x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:57:40.338711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:02:52.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"E-Mail Backend"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"E-Mail Backend"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias Terlinde for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:35.192Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or 8.0.37\n\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.47 or 8.0.37\n\n"
}
],
"source": {
"advisory": "OSA-2023-10",
"defect": [
"Issue#21",
"Issue#44",
"Ticket#2022062142000679",
"Ticket#2022061542000654"
],
"discovery": "USER"
},
"title": "SSL Certificates are not checked for E-Mail Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-5422",
"datePublished": "2023-10-16T08:10:35.192Z",
"dateReserved": "2023-10-05T08:12:18.101Z",
"dateUpdated": "2024-09-16T17:02:52.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7283 (GCVE-0-2008-7283)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=2544",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2544"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7283",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T21:03:22.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36100 (GCVE-0-2021-36100)
Vulnerability from cvelistv5
Published
2022-03-21 09:15
Modified
2024-09-17 02:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- rce
Summary
Specially crafted string in OTRS system configuration can allow the execution of any system command.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 8.0.x < Version: 7.0.x < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.19",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.32",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
},
{
"product": "SystemMonitoring",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.8",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
},
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRSSTORM",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.27",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.11",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
},
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Rayhan Ahmed and Maxime Brigaudeau for reporting these vulnerability."
}
],
"datePublic": "2022-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Specially crafted string in OTRS system configuration can allow the execution of any system command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "rce",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:07.668759",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.20, OTRS 7.0.33. Update to OTRSSTORM 8.0.12, OTRS 7.0.28. Update to SystemMonitoring 8.0.9, OTRS 7.0.19."
}
],
"source": {
"advisory": "OSA-2022-03",
"defect": [
"2020093042003988",
"2020090442000735",
"2021102242000358"
],
"discovery": "USER"
},
"title": "Authenticated remote code execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36100",
"datePublished": "2022-03-21T09:15:24.697180Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-17T02:00:46.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0438 (GCVE-0-2010-0438)
Vulnerability from cvelistv5
Published
2010-02-09 19:00
Modified
2024-08-07 00:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:17.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"name": "38507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38507"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/releases/2.4.7/"
},
{
"name": "38146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "62181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62181"
},
{
"name": "38544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"name": "38507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38507"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/releases/2.4.7/"
},
{
"name": "38146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "62181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62181"
},
{
"name": "38544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.otrs.org/news/2010/otrs_2-4-7/",
"refsource": "CONFIRM",
"url": "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"name": "38507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38507"
},
{
"name": "http://otrs.org/releases/2.4.7/",
"refsource": "CONFIRM",
"url": "http://otrs.org/releases/2.4.7/"
},
{
"name": "38146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38146"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"name": "http://otrs.org/advisory/OSA-2010-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "62181",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62181"
},
{
"name": "38544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0438",
"datePublished": "2010-02-09T19:00:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:52:17.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10067 (GCVE-0-2019-10067)
Vulnerability from cvelistv5
Published
2019-05-21 23:09
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T14:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10067",
"datePublished": "2019-05-21T23:09:13",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36096 (GCVE-0-2021-36096)
Vulnerability from cvelistv5
Published
2021-09-06 14:50
Modified
2024-09-16 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.28",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.15",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Terlinde"
}
],
"datePublic": "2021-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T14:50:11",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.16 or OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-10",
"defect": [
"2021050342000331",
"2021072642001436"
],
"discovery": "USER"
},
"title": "Support Bundle includes S/Mime and PGP secret or PIN",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-09-06T00:00:00.000Z",
"ID": "CVE-2021-36096",
"STATE": "PUBLIC",
"TITLE": "Support Bundle includes S/Mime and PGP secret or PIN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.28"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.15"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Terlinde"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.16 or OTRS 7.0.29."
}
],
"source": {
"advisory": "OSA-2021-10",
"defect": [
"2021050342000331",
"2021072642001436"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36096",
"datePublished": "2021-09-06T14:50:11.706653Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-16T18:34:20.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1765 (GCVE-0-2020-1765)
Vulnerability from cvelistv5
Published
2020-01-10 15:08
Modified
2024-09-16 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - External Control of Assumed-Immutable Web Parameter
Summary
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 5.0.x version 5.0.39 and prior versions Version: 6.0.x version 6.0.24 and prior versions |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "5.0.x version 5.0.39 and prior versions"
},
{
"status": "affected",
"version": "6.0.x version 6.0.24 and prior versions"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x version 7.0.13 and prior versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sebastian Renker, Jonas Becker"
}
],
"datePublic": "2020-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:14.280325",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25, ((OTRS)) Community Edition 5.0.40"
},
{
"lang": "en",
"value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 \nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3"
}
],
"source": {
"advisory": "OSA-2020-01",
"defect": [
"2019100942003876"
],
"discovery": "EXTERNAL"
},
"title": "Spoofing of From field in several screens",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1765",
"datePublished": "2020-01-10T15:08:55.756034Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T22:15:10.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1248 (GCVE-0-2023-1248)
Vulnerability from cvelistv5
Published
2023-03-20 08:19
Modified
2025-02-26 19:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-01/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:22:15.560961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:22:27.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Ticket Actions"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.42",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Ticket Actions"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
]
}
],
"datePublic": "2023-03-20T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-20T08:20:17.212Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-01/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.42\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.42\n"
}
],
"source": {
"advisory": "OSA-2023-01",
"defect": [
"364"
],
"discovery": "USER"
},
"title": " Possible XSS in Ticket Actions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-1248",
"datePublished": "2023-03-20T08:19:34.182Z",
"dateReserved": "2023-03-07T09:06:22.435Z",
"dateUpdated": "2025-02-26T19:22:27.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12248 (GCVE-0-2019-12248)
Vulnerability from cvelistv5
Published
2019-06-17 00:00
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:39.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:37.221292",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12248",
"datePublished": "2019-06-17T00:00:00",
"dateReserved": "2019-05-21T00:00:00",
"dateUpdated": "2024-08-04T23:17:39.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5056 (GCVE-0-2009-5056)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3583",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3583"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5056",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T18:34:52.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32740 (GCVE-0-2022-32740)
Vulnerability from cvelistv5
Published
2022-06-13 08:00
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-08/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.34",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.22",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Oliver Gernetzke and Francesco Barba for reporting these vulnerability."
}
],
"datePublic": "2022-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T08:00:48",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-08/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.23 or OTRS 7.0.35."
}
],
"source": {
"advisory": "OSA-2022-08",
"defect": [
"2022010742001151",
"2022033142001673"
],
"discovery": "USER"
},
"title": "Information disclosure in the External Interface",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-06-13T07:00:00.000Z",
"ID": "CVE-2022-32740",
"STATE": "PUBLIC",
"TITLE": "Information disclosure in the External Interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.34"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.22"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Oliver Gernetzke and Francesco Barba for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-08/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-08/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.23 or OTRS 7.0.35."
}
],
"source": {
"advisory": "OSA-2022-08",
"defect": [
"2022010742001151",
"2022033142001673"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-32740",
"datePublished": "2022-06-13T08:00:48.928529Z",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-09-16T19:09:59.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1778 (GCVE-0-2020-1778)
Vulnerability from cvelistv5
Published
2020-11-23 15:32
Modified
2024-09-16 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-16/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.9",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "L\u00e1szl\u00f3 Gyaraki"
}
],
"datePublic": "2020-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T15:32:46",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-16/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 8.0.10"
}
],
"source": {
"advisory": "OSA-2020-16",
"defect": [
"2020111442000202"
],
"discovery": "INTERNAL"
},
"title": "Bypassing user account validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-11-23T00:00:00.000Z",
"ID": "CVE-2020-1778",
"STATE": "PUBLIC",
"TITLE": "Bypassing user account validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.9"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "L\u00e1szl\u00f3 Gyaraki"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2020-16/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-16/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to OTRS 8.0.10"
}
],
"source": {
"advisory": "OSA-2020-16",
"defect": [
"2020111442000202"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1778",
"datePublished": "2020-11-23T15:32:46.740926Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T23:40:42.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7278 (GCVE-0-2008-7278)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 17:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:35.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=2539",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=2844",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7278",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T17:04:10.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16921 (GCVE-0-2017-16921)
Vulnerability from cvelistv5
Published
2017-12-08 15:00
Modified
2024-08-05 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "43853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43853/"
},
{
"name": "DSA-4066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T17:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "43853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43853/"
},
{
"name": "DSA-4066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "43853",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43853/"
},
{
"name": "DSA-4066",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"name": "http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16921",
"datePublished": "2017-12-08T15:00:00",
"dateReserved": "2017-11-21T00:00:00",
"dateUpdated": "2024-08-05T20:35:21.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38060 (GCVE-0-2023-38060)
Vulnerability from cvelistv5
Published
2023-07-24 08:28
Modified
2025-02-13 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.
This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x Version: 8.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:31.274099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:03:28.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Generic Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.45",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.35",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Generic Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-07-24T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.\u0026nbsp;\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.\u00a0\n\n\nThis issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:43.640Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.35 or OTRS 7.0.45\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.35 or OTRS 7.0.45"
}
],
"source": {
"advisory": "OSA-2023-04",
"defect": [
"Issue#1027",
"Ticket#2023041142001466"
],
"discovery": "EXTERNAL"
},
"title": "Host header injection by attachments in web service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-38060",
"datePublished": "2023-07-24T08:28:13.816Z",
"dateReserved": "2023-07-12T08:05:38.781Z",
"dateUpdated": "2025-02-13T17:01:45.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16664 (GCVE-0-2017-16664)
Vulnerability from cvelistv5
Published
2017-11-21 14:00
Modified
2024-08-05 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:04.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4047",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4047",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4047",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16664",
"datePublished": "2017-11-21T14:00:00",
"dateReserved": "2017-11-08T00:00:00",
"dateUpdated": "2024-08-05T20:27:04.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6254 (GCVE-0-2023-6254)
Vulnerability from cvelistv5
Published
2023-11-27 09:44
Modified
2024-10-15 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-
This issue affects OTRS: from 8.0.X through 8.0.37.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:14.848049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:45:11.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"AgentInterface",
"ExternalInterface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2023-11-27T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 8.0.X through 8.0.37.\u003c/p\u003e"
}
],
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\nThis issue affects OTRS: from 8.0.X through 8.0.37.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T09:44:00.273Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS Patch 2023.1.1\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2023.1.1\n"
}
],
"source": {
"advisory": "OSA-2023-11",
"defect": [
"Issue#1390",
"Ticket#2023083042000825"
],
"discovery": "USER"
},
"title": "Password is send back to client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-6254",
"datePublished": "2023-11-27T09:44:00.273Z",
"dateReserved": "2023-11-22T12:14:39.322Z",
"dateUpdated": "2024-10-15T17:45:11.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36097 (GCVE-0-2021-36097)
Vulnerability from cvelistv5
Published
2021-10-18 07:00
Modified
2024-09-16 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-20/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.16",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to lock the ticket without the \"Owner\" permission. Once the ticket is locked, it could be moved to the queue where the agent has \"rw\" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-18T07:00:13",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-20/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.17."
}
],
"source": {
"advisory": "OSA-2021-20",
"defect": [
"2021083142001442"
],
"discovery": "USER"
},
"title": "Agents are able to lock the ticket without the \"Owner\" permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-10-18T00:00:00.000Z",
"ID": "CVE-2021-36097",
"STATE": "PUBLIC",
"TITLE": "Agents are able to lock the ticket without the \"Owner\" permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.16"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to lock the ticket without the \"Owner\" permission. Once the ticket is locked, it could be moved to the queue where the agent has \"rw\" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-20/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-20/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.17."
}
],
"source": {
"advisory": "OSA-2021-20",
"defect": [
"2021083142001442"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36097",
"datePublished": "2021-10-18T07:00:13.855031Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-16T22:51:23.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7277 (GCVE-0-2008-7277)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:35.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3045",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3045"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7277",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T17:49:07.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5055 (GCVE-0-2009-5055)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=4105",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4105"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5055",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T18:44:17.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4764 (GCVE-0-2010-4764)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6131"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6131"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=6131",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6131"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4764",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T17:58:06.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39051 (GCVE-0-2022-39051)
Vulnerability from cvelistv5
Published
2022-09-05 06:40
Modified
2024-09-16 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Summary
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x 7.0.36 Version: 8.0.x 8.0.24 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x 7.0.36"
},
{
"status": "affected",
"version": "8.0.x 8.0.24"
}
]
},
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T06:40:12",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.25 or OTRS 7.0.37."
}
],
"source": {
"advisory": "OSA-2022-12",
"defect": [
"2022042942000784"
],
"discovery": "USER"
},
"title": "Perl Code execution in Template Toolkit",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-09-05T07:00:00.000Z",
"ID": "CVE-2022-39051",
"STATE": "PUBLIC",
"TITLE": "Perl Code execution in Template Toolkit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_name": "7.0.x",
"version_value": "7.0.36"
},
{
"version_name": "8.0.x",
"version_value": "8.0.24"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.25 or OTRS 7.0.37."
}
],
"source": {
"advisory": "OSA-2022-12",
"defect": [
"2022042942000784"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-39051",
"datePublished": "2022-09-05T06:40:12.771350Z",
"dateReserved": "2022-08-31T00:00:00",
"dateUpdated": "2024-09-16T17:18:42.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24387 (GCVE-0-2025-24387)
Vulnerability from cvelistv5
Published
2025-03-10 09:28
Modified
2025-03-10 13:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
Summary
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive
cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.x
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T13:12:24.747437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T13:12:40.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Application Server"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"status": "affected",
"version": "2024.x"
},
{
"lessThanOrEqual": "2025.1.2",
"status": "affected",
"version": "2025.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Alissa Kim for reporting this vulnerability."
}
],
"datePublic": "2025-03-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\u003cbr\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOTRS 7.0.X\u003c/li\u003e\u003cli\u003eOTRS 8.0.X\u003c/li\u003e\u003cli\u003eOTRS 2023.X\u003c/li\u003e\u003cli\u003eOTRS 2024.X\u003c/li\u003e\u003cli\u003eOTRS 2025.x \u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\n\u00a0\n\nThis issue affects:\n\n * OTRS 7.0.X\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.x"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1275",
"description": "CWE-1275: Sensitive Cookie with Improper SameSite Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T09:28:31.053Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-05/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2025.2.x. Please note that there will be no OTRS 7 patches\u003cbr\u003e"
}
],
"value": "Update to OTRS 2025.2.x. Please note that there will be no OTRS 7 patches"
}
],
"source": {
"advisory": "OSA-2025-05",
"defect": [
"Issue#3080",
"Ticket#2024110542002023"
],
"discovery": "EXTERNAL"
},
"title": "Missing CSRF protection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2025-24387",
"datePublished": "2025-03-10T09:28:31.053Z",
"dateReserved": "2025-01-21T09:09:58.720Z",
"dateUpdated": "2025-03-10T13:12:40.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16375 (GCVE-0-2019-16375)
Vulnerability from cvelistv5
Published
2020-03-19 00:00
Modified
2024-08-05 01:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-13/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:46.244310",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-13/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16375",
"datePublished": "2020-03-19T00:00:00",
"dateReserved": "2019-09-16T00:00:00",
"dateUpdated": "2024-08-05T01:17:39.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36091 (GCVE-0-2021-36091)
Vulnerability from cvelistv5
Published
2021-07-26 04:25
Modified
2024-09-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-14/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.27",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:38.799737",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-14/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.28."
}
],
"source": {
"advisory": "OSA-2021-14",
"defect": [
"2021062442001398"
],
"discovery": "USER"
},
"title": "Unautorized access to the calendar appointments",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36091",
"datePublished": "2021-07-26T04:25:41.820529Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-16T17:59:18.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38058 (GCVE-0-2023-38058)
Vulnerability from cvelistv5
Published
2023-07-24 08:28
Modified
2024-10-17 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.
This issue affects OTRS: from 8.0.X before 8.0.35.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-07/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:36.299740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:03:11.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "8.0.35",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2023-07-24T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 8.0.X before 8.0.35.\u003c/p\u003e"
}
],
"value": "An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.\nThis issue affects OTRS: from 8.0.X before 8.0.35.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T08:28:03.242Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-07/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.35\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.35\n"
}
],
"source": {
"advisory": "OSA-2023-07",
"defect": [
"Issue#1023",
"Ticket#2022090542001523"
],
"discovery": "USER"
},
"title": "Tickets can be moved without permissions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-38058",
"datePublished": "2023-07-24T08:28:03.242Z",
"dateReserved": "2023-07-12T08:05:38.780Z",
"dateUpdated": "2024-10-17T13:03:11.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0473 (GCVE-0-2022-0473)
Vulnerability from cvelistv5
Published
2022-02-07 10:25
Modified
2024-09-16 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.31",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T10:25:11",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.32"
}
],
"source": {
"advisory": "OSA-2022-01",
"defect": [
"2021093042002361"
],
"discovery": "USER"
},
"title": "Dynamic field error message is vulnerable to XSS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-02-07T09:00:00.000Z",
"ID": "CVE-2022-0473",
"STATE": "PUBLIC",
"TITLE": "Dynamic field error message is vulnerable to XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.31"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.32"
}
],
"source": {
"advisory": "OSA-2022-01",
"defect": [
"2021093042002361"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-0473",
"datePublished": "2022-02-07T10:25:11.723196Z",
"dateReserved": "2022-02-02T00:00:00",
"dateUpdated": "2024-09-16T23:01:44.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23790 (GCVE-0-2024-23790)
Vulnerability from cvelistv5
Published
2024-01-29 09:21
Modified
2025-06-17 21:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T13:20:27.471691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:17.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent Interface",
"External Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023",
"versionType": "Patch"
},
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:21:14.996Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-01",
"defect": [
"Ticket#2023083042000825",
"Issue#1306"
],
"discovery": "EXTERNAL"
},
"title": "Missing file type check in avatar picture upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23790",
"datePublished": "2024-01-29T09:21:14.996Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2025-06-17T21:29:17.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1695 (GCVE-0-2014-1695)
Vulnerability from cvelistv5
Published
2014-02-28 17:00
Modified
2024-08-06 09:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36842",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/36842/"
},
{
"name": "65844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65844"
},
{
"name": "57018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-03-xss-issue"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html"
},
{
"name": "openSUSE-SU-2014:0360",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://adamziaja.com/poc/201401-xss-otrs.html"
},
{
"name": "103781",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/103781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36842",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/36842/"
},
{
"name": "65844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65844"
},
{
"name": "57018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-03-xss-issue"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html"
},
{
"name": "openSUSE-SU-2014:0360",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://adamziaja.com/poc/201401-xss-otrs.html"
},
{
"name": "103781",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/103781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36842/"
},
{
"name": "65844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65844"
},
{
"name": "57018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57018"
},
{
"name": "https://www.otrs.com/security-advisory-2014-03-xss-issue",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-03-xss-issue"
},
{
"name": "http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html"
},
{
"name": "openSUSE-SU-2014:0360",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html"
},
{
"name": "http://adamziaja.com/poc/201401-xss-otrs.html",
"refsource": "MISC",
"url": "http://adamziaja.com/poc/201401-xss-otrs.html"
},
{
"name": "103781",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/103781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1695",
"datePublished": "2014-02-28T17:00:00",
"dateReserved": "2014-01-29T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21439 (GCVE-0-2021-21439)
Vulnerability from cvelistv5
Published
2021-06-14 07:55
Modified
2024-09-16 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-09/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.26",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.13",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:20.978358",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-09/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.14 or OTRS 7.0.27."
}
],
"source": {
"advisory": "OSA-2021-09",
"defect": [
"2021031142000285"
],
"discovery": "USER"
},
"title": "Possible DoS attack using a special crafted URL in email body",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21439",
"datePublished": "2021-06-14T07:55:10.080008Z",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-09-16T19:52:22.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38059 (GCVE-0-2023-38059)
Vulnerability from cvelistv5
Published
2023-10-16 08:10
Modified
2024-09-16 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x Version: 8.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:56:02.147025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:56:26.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Agent Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003c/p\u003e"
}
],
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:44.014Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.37 or OTRS 7.0.47\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.37 or OTRS 7.0.47\n"
}
],
"source": {
"advisory": "OSA-2023-08",
"defect": [
"Issue#1185",
"Ticket#2023041342000623"
],
"discovery": "EXTERNAL"
},
"title": "External pictures can be loaded even if not allowed by configuration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-38059",
"datePublished": "2023-10-16T08:10:44.014Z",
"dateReserved": "2023-07-12T08:05:38.780Z",
"dateUpdated": "2024-09-16T16:56:26.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12746 (GCVE-0-2019-12746)
Vulnerability from cvelistv5
Published
2019-08-21 00:00
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:10.774918",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"url": "https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12746",
"datePublished": "2019-08-21T00:00:00",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4763 (GCVE-0-2010-4763)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=4399",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4399"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4763",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T20:07:00.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1771 (GCVE-0-2020-1771)
Vulnerability from cvelistv5
Published
2020-03-27 12:47
Modified
2024-09-17 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.x < |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-08/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.26",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Christoph Wuetschner"
}
],
"datePublic": "2020-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:17.362255",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-08/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27\n\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2"
}
],
"source": {
"advisory": "OSA-2020-08",
"defect": [
"2020022642002875"
],
"discovery": "EXTERNAL"
},
"title": "Possible XSS in Customer user address book",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1771",
"datePublished": "2020-03-27T12:47:49.462891Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-17T03:28:52.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1250 (GCVE-0-2023-1250)
Vulnerability from cvelistv5
Published
2023-03-20 08:20
Modified
2025-02-26 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names
This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x Version: 8.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-02/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:20:26.729445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:20:36.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"ACL"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.42",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.31",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"ACL"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-03-20T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names\nThis issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-20T08:20:39.331Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-02/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate to OTRS 7.0.42, OTRS 8.0.31\u003c/p\u003e"
}
],
"value": "Update to OTRS 7.0.42, OTRS 8.0.31\n\n"
}
],
"source": {
"advisory": "OSA-2023-02",
"defect": [
"356",
"2022121942001554"
],
"discovery": "EXTERNAL"
},
"title": "Code execution through ACL creation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-1250",
"datePublished": "2023-03-20T08:20:39.331Z",
"dateReserved": "2023-03-07T09:36:16.027Z",
"dateUpdated": "2025-02-26T19:20:36.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4717 (GCVE-0-2013-4717)
Vulnerability from cvelistv5
Published
2021-08-09 18:03
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T18:03:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4717",
"datePublished": "2021-08-09T18:03:00",
"dateReserved": "2013-06-27T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18180 (GCVE-0-2019-18180)
Vulnerability from cvelistv5
Published
2019-12-05 14:54
Modified
2024-09-16 19:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:29.257231",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.13 or OTRS 6.0.24 or OTRS 5.0.39"
},
{
"lang": "en",
"value": "Patch for ((OTRS)) Community Edition 6.0: https://github.com/OTRS/otrs/commit/799616eb43f7fb53cae4e04c81e2156baaf02e2b \nPatch for ((OTRS)) Community Edition 5.0: https://github.com/OTRS/otrs/commit/76b301f4e3f45cb23bb6a3d6907028c733d11145"
}
],
"source": {
"advisory": "OSA-2019-15",
"discovery": "USER"
},
"title": "Denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18180",
"datePublished": "2019-12-05T14:54:55.931744Z",
"dateReserved": "2019-10-17T00:00:00",
"dateUpdated": "2024-09-16T19:24:26.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4759 (GCVE-0-2010-4759)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=1639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=1639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=1639",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=1639"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4759",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T16:22:32.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16854 (GCVE-0-2017-16854)
Vulnerability from cvelistv5
Published
2017-12-08 17:00
Modified
2024-08-05 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "DSA-4066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "DSA-4066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "DSA-4066",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"name": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16854",
"datePublished": "2017-12-08T17:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T20:35:21.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17476 (GCVE-0-2017-17476)
Vulnerability from cvelistv5
Published
2017-12-20 17:00
Modified
2024-08-05 20:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc"
},
{
"name": "DSA-4069",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4069"
},
{
"name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1215-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc"
},
{
"name": "DSA-4069",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4069"
},
{
"name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1215-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953"
},
{
"name": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/"
},
{
"name": "https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc"
},
{
"name": "DSA-4069",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4069"
},
{
"name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1215-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html"
},
{
"name": "https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17476",
"datePublished": "2017-12-20T17:00:00",
"dateReserved": "2017-12-08T00:00:00",
"dateUpdated": "2024-08-05T20:51:31.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1770 (GCVE-0-2020-1770)
Vulnerability from cvelistv5
Published
2020-03-27 12:47
Modified
2024-09-17 01:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Information Exposure Through Sent Data
Summary
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 5.0.x < Version: 6.0.x < |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-07/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "5.0.41",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.26",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Terlinde"
}
],
"datePublic": "2020-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Information Exposure Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:22.490248",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-07/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, ((OTRS)) Community Edition 5.0.42.\n\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95\nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d"
}
],
"source": {
"advisory": "OSA-2020-07",
"defect": [
"2020021442001997"
],
"discovery": "USER"
},
"title": "Information disclosure in support bundle files",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1770",
"datePublished": "2020-03-27T12:47:49.421305Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-17T01:11:13.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10065 (GCVE-0-2019-10065)
Vulnerability from cvelistv5
Published
2020-03-10 12:41
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T12:41:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/category/release-and-security-notes-en/",
"refsource": "MISC",
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10065",
"datePublished": "2020-03-10T12:41:10",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11563 (GCVE-0-2018-11563)
Vulnerability from cvelistv5
Published
2019-07-08 12:23
Modified
2024-08-05 08:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.otrs.org/pipermail/announce/2018/000720.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1877-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer\u0027s browser in the context of the OTRS customer panel application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T13:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.otrs.org/pipermail/announce/2018/000720.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1877-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer\u0027s browser in the context of the OTRS customer panel application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.otrs.com/category/release-and-security-notes-en/",
"refsource": "MISC",
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"name": "https://lists.otrs.org/pipermail/announce/2018/000720.html",
"refsource": "CONFIRM",
"url": "https://lists.otrs.org/pipermail/announce/2018/000720.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1877-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11563",
"datePublished": "2019-07-08T12:23:59",
"dateReserved": "2018-05-30T00:00:00",
"dateUpdated": "2024-08-05T08:10:14.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4427 (GCVE-0-2022-4427)
Vulnerability from cvelistv5
Published
2022-12-19 08:09
Modified
2025-04-14 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice
This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.1 Version: 8.0.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:03:48.009731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:03:54.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Generic Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.40 Patch 1",
"status": "affected",
"version": "7.0.1",
"versionType": "Patch 1 (2022-12-19)"
},
{
"lessThan": "8.0.28 Patch 1",
"status": "affected",
"version": "8.0.1",
"versionType": "Patch 1 (2022-12-19)"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Generic Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TicketSearch Webservice has to be configured\u003cbr\u003e"
}
],
"value": "TicketSearch Webservice has to be configured"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2022-12-19T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice\nThis issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:34.631Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 7.0.40 Patch 1 or OTRS 8.0.28 Patch 1 released on 19th December 2022\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.40 Patch 1 or OTRS 8.0.28 Patch 1 released on 19th December 2022"
}
],
"source": {
"advisory": "OSA-2022-15",
"discovery": "EXTERNAL"
},
"title": "SQL Injection via OTRS Search API",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-4427",
"datePublished": "2022-12-19T08:09:51.646Z",
"dateReserved": "2022-12-12T16:11:40.741Z",
"dateUpdated": "2025-04-14T18:03:54.260Z",
"requesterUserId": "e1930910-48a6-4f4e-9306-261ea8c0e8b1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1767 (GCVE-0-2020-1767)
Vulnerability from cvelistv5
Published
2020-01-10 15:09
Modified
2024-09-16 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Sender spoofing
Summary
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.x version 6.0.24 and prior versions |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "6.0.x version 6.0.24 and prior versions"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x version 7.0.13 and prior versions"
}
]
}
],
"datePublic": "2020-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sender spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:04.665672",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25"
},
{
"lang": "en",
"value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570"
}
],
"source": {
"advisory": "OSA-2020-03",
"defect": [
"2019121042000738"
],
"discovery": "USER"
},
"title": "Possible to send drafted messages as wrong agent",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1767",
"datePublished": "2020-01-10T15:09:00.608111Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T16:33:51.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4762 (GCVE-0-2010-4762)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the \"source code\" feature in the customer interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the \"source code\" feature in the customer interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=5724",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=5724"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4762",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:20.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1471 (GCVE-0-2014-1471)
Vulnerability from cvelistv5
Published
2014-02-04 16:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82"
},
{
"name": "65241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65241"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-02-sql-injection-issue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949"
},
{
"name": "102661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"name": "56655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56655"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d"
},
{
"name": "56644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82"
},
{
"name": "65241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65241"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-02-sql-injection-issue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949"
},
{
"name": "102661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"name": "56655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56655"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d"
},
{
"name": "56644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82"
},
{
"name": "65241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65241"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"name": "https://www.otrs.com/security-advisory-2014-02-sql-injection-issue",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-02-sql-injection-issue"
},
{
"name": "https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949"
},
{
"name": "102661",
"refsource": "OSVDB",
"url": "http://osvdb.org/102661"
},
{
"name": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"name": "56655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56655"
},
{
"name": "https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d"
},
{
"name": "56644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1471",
"datePublished": "2014-02-04T16:00:00",
"dateReserved": "2014-01-15T00:00:00",
"dateUpdated": "2024-08-06T09:42:35.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23792 (GCVE-0-2024-23792)
Vulnerability from cvelistv5
Published
2024-01-29 09:20
Modified
2024-11-12 21:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T21:46:29.598781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:47:04.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"internal API"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\u003c/p\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\u003c/p\u003e"
}
],
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194 Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:20:40.920Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003c/div\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-03",
"defect": [
"Issue#1392",
"Ticket#2023083042000825"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient access control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23792",
"datePublished": "2024-01-29T09:20:06.829Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2024-11-12T21:47:04.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3895 (GCVE-0-2005-3895)
Vulnerability from cvelistv5
Published
2005-11-29 21:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"name": "otrs-email-attachment-xss(23355)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23355"
},
{
"name": "21066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21066"
},
{
"name": "200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "DSA-973",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18101"
},
{
"name": "SUSE-SR:2005:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "17685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15537/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"name": "otrs-email-attachment-xss(23355)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23355"
},
{
"name": "21066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21066"
},
{
"name": "200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "DSA-973",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18101"
},
{
"name": "SUSE-SR:2005:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "17685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15537/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"name": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"name": "otrs-email-attachment-xss(23355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23355"
},
{
"name": "21066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21066"
},
{
"name": "200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/200"
},
{
"name": "http://otrs.org/advisory/OSA-2005-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "DSA-973",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18101"
},
{
"name": "SUSE-SR:2005:030",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "17685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15537/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3895",
"datePublished": "2005-11-29T21:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2554 (GCVE-0-2014-2554)
Vulnerability from cvelistv5
Published
2014-04-23 14:00
Modified
2024-08-06 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:34.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/"
},
{
"name": "openSUSE-SU-2014:0561",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/"
},
{
"name": "openSUSE-SU-2014:0561",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/",
"refsource": "CONFIRM",
"url": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/"
},
{
"name": "openSUSE-SU-2014:0561",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2554",
"datePublished": "2014-04-23T14:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:21:34.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1774 (GCVE-0-2020-1774)
Vulnerability from cvelistv5
Published
2020-04-28 13:54
Modified
2024-09-16 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Information Exposure Through Sent Data
Summary
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.x <= 6.0.27 Version: 5.0.x <= 5.0.42 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-11/"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "6.0.x \u003c= 6.0.27"
},
{
"status": "affected",
"version": "5.0.x \u003c= 5.0.42"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x \u003c= 7.0.16"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Terlinde"
}
],
"datePublic": "2020-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it\u0027s possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Information Exposure Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:06.193689",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-11/"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.17, ((OTRS)) Community Edition 6.0.28\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342\nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/fb0e6131e79aa2ba9c7acbd16f4ee4e73289f64b"
}
],
"source": {
"advisory": "OSA-2020-11",
"defect": [
"2020021442001602"
],
"discovery": "USER"
},
"title": "Information disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1774",
"datePublished": "2020-04-28T13:54:26.180850Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T18:13:37.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18179 (GCVE-0-2019-18179)
Vulnerability from cvelistv5
Published
2020-01-06 00:00
Modified
2024-08-05 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20200101 [SECURITY] [DLA 2053-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn\u0027t have permissions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:01.437912",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20200101 [SECURITY] [DLA 2053-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18179",
"datePublished": "2020-01-06T00:00:00",
"dateReserved": "2019-10-17T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4600 (GCVE-0-2012-4600)
Vulnerability from cvelistv5
Published
2012-08-31 14:00
Modified
2024-08-06 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02"
},
{
"name": "50615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"name": "VU#511404",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/511404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02"
},
{
"name": "50615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"name": "VU#511404",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/511404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://znuny.com/en/#!/advisory/ZSA-2012-02",
"refsource": "MISC",
"url": "http://znuny.com/en/#!/advisory/ZSA-2012-02"
},
{
"name": "50615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50615"
},
{
"name": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/",
"refsource": "CONFIRM",
"url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"name": "VU#511404",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/511404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4600",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-08-22T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32739 (GCVE-0-2022-32739)
Vulnerability from cvelistv5
Published
2022-06-13 08:00
Modified
2024-09-17 02:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x < Version: 8.0.x < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.34",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.22",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRSCalendarResourcePlanning",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.30",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.20",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to L\u00e1szl\u00f3 Gyaraki for reporting these vulnerability."
}
],
"datePublic": "2022-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T08:00:33",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-07/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.23 or OTRS 7.0.35.\nUpdate to OTRSCalendarResourcePlanning 8.0.23 or OTRSCalendarResourcePlanning 7.0.31."
}
],
"source": {
"advisory": "OSA-2022-07",
"defect": [
"2022031642001899"
],
"discovery": "INTERNAL"
},
"title": "OTRS version number is always in the exported ICS files",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-06-13T07:00:00.000Z",
"ID": "CVE-2022-32739",
"STATE": "PUBLIC",
"TITLE": "OTRS version number is always in the exported ICS files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.34"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.22"
}
]
}
},
{
"product_name": "OTRSCalendarResourcePlanning",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.30"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.20"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to L\u00e1szl\u00f3 Gyaraki for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-07/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-07/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.23 or OTRS 7.0.35.\nUpdate to OTRSCalendarResourcePlanning 8.0.23 or OTRSCalendarResourcePlanning 7.0.31."
}
],
"source": {
"advisory": "OSA-2022-07",
"defect": [
"2022031642001899"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-32739",
"datePublished": "2022-06-13T08:00:33.252564Z",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-09-17T02:47:17.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1775 (GCVE-0-2020-1775)
Vulnerability from cvelistv5
Published
2020-06-08 15:29
Modified
2024-09-16 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-12/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.3",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-08T15:29:40",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-12/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.18 and OTRS 8.0.4."
}
],
"source": {
"defect": [
"2020050742001441"
],
"discovery": "USER"
},
"title": "Information disclosure in external interface",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-06-08T00:00:00.000Z",
"ID": "CVE-2020-1775",
"STATE": "PUBLIC",
"TITLE": "Information disclosure in external interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.17"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.3"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2020-12/",
"refsource": "MISC",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-12/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.18 and OTRS 8.0.4."
}
],
"source": {
"defect": [
"2020050742001441"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1775",
"datePublished": "2020-06-08T15:29:40.513794Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T22:30:23.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38056 (GCVE-0-2023-38056)
Vulnerability from cvelistv5
Published
2023-07-24 08:27
Modified
2024-10-23 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x Version: 8.0.x |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:12.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-05/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:47:42.741098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:49:19.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"System Configuration",
"UnitTests"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.45",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.35",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-07-24T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T08:27:26.270Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-05/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.35 or OTRS 7.0.45\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.35 or OTRS 7.0.45\n"
}
],
"source": {
"advisory": "OSA-2023-05",
"defect": [
"1025",
"Ticket#2023041142000636"
],
"discovery": "EXTERNAL"
},
"title": "Code execution via System Configuration ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-38056",
"datePublished": "2023-07-24T08:27:13.127Z",
"dateReserved": "2023-07-12T08:05:38.780Z",
"dateUpdated": "2024-10-23T17:49:19.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4071 (GCVE-0-2010-4071)
Vulnerability from cvelistv5
Published
2011-01-20 18:00
Modified
2024-09-16 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68882",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/68882"
},
{
"name": "41978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41978"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/342687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2010-03-en/"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-20T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68882",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/68882"
},
{
"name": "41978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41978"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/342687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2010-03-en/"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68882",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68882"
},
{
"name": "41978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41978"
},
{
"name": "http://bugs.gentoo.org/342687",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/342687"
},
{
"name": "http://otrs.org/advisory/OSA-2010-03-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-03-en/"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html",
"refsource": "MISC",
"url": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4071",
"datePublished": "2011-01-20T18:00:00Z",
"dateReserved": "2010-10-25T00:00:00Z",
"dateUpdated": "2024-09-16T17:58:40.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0456 (GCVE-0-2011-0456)
Vulnerability from cvelistv5
Published
2011-03-11 17:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73162541",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73162541/index.html"
},
{
"name": "JVNDB-2011-000019",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019"
},
{
"name": "openSUSE-SU-2011:0278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/7797670"
},
{
"name": "43960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73162541",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73162541/index.html"
},
{
"name": "JVNDB-2011-000019",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019"
},
{
"name": "openSUSE-SU-2011:0278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/7797670"
},
{
"name": "43960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-0456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73162541",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73162541/index.html"
},
{
"name": "JVNDB-2011-000019",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019"
},
{
"name": "openSUSE-SU-2011:0278",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/7797670"
},
{
"name": "43960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-0456",
"datePublished": "2011-03-11T17:00:00",
"dateReserved": "2011-01-14T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1769 (GCVE-0-2020-1769)
Vulnerability from cvelistv5
Published
2020-03-27 12:47
Modified
2024-09-17 01:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-16 - Configuration
Summary
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 5.0.x < Version: 6.0.x < |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-06/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "5.0.41",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.26",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin M\u00f8ller"
}
],
"datePublic": "2020-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:09.195145",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-06/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, ((OTRS)) Community Edition 5.0.42.\n\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93\nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f"
}
],
"source": {
"advisory": "OSA-2020-06",
"defect": [
"2020011042000836"
],
"discovery": "EXTERNAL"
},
"title": "Autocomplete in the form login screens",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1769",
"datePublished": "2020-03-27T12:47:49.378986Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-17T01:27:02.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9752 (GCVE-0-2019-9752)
Vulnerability from cvelistv5
Published
2019-03-13 22:00
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework"
},
{
"name": "[debian-lts-announce] 20190319 [SECURITY] [DLA 1721-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T14:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework"
},
{
"name": "[debian-lts-announce] 20190319 [SECURITY] [DLA 1721-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework"
},
{
"name": "[debian-lts-announce] 20190319 [SECURITY] [DLA 1721-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html"
},
{
"name": "openSUSE-SU-2020:0551",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9752",
"datePublished": "2019-03-13T22:00:00",
"dateReserved": "2019-03-13T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21443 (GCVE-0-2021-21443)
Vulnerability from cvelistv5
Published
2021-07-26 04:25
Modified
2024-09-16 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-13/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.27",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:56.804777",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-13/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.28."
}
],
"source": {
"advisory": "OSA-2021-13",
"defect": [
"2021062442001361"
],
"discovery": "USER"
},
"title": "Unautorized listing of the customer user emails",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21443",
"datePublished": "2021-07-26T04:25:40.249893Z",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-09-16T20:11:31.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9751 (GCVE-0-2019-9751)
Vulnerability from cvelistv5
Published
2019-03-13 22:00
Modified
2024-09-16 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-13T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9751",
"datePublished": "2019-03-13T22:00:00Z",
"dateReserved": "2019-03-13T00:00:00Z",
"dateUpdated": "2024-09-16T20:42:19.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2524 (GCVE-0-2007-2524)
Vulnerability from cvelistv5
Published
2007-05-08 23:00
Modified
2024-08-07 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.virtuax.be/?page=library\u0026id=35\u0026type=Exploits"
},
{
"name": "20070611 Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial ofservice",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471192/100/0/threaded"
},
{
"name": "otrs-indexpl-xss(34164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34164"
},
{
"name": "23862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23862"
},
{
"name": "25205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25205"
},
{
"name": "35822",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35822"
},
{
"name": "DSA-1298",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1298"
},
{
"name": "2668",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2668"
},
{
"name": "SUSE-SR:2007:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "20070507 OTRS \u003c= 2.0.x XSS/XSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467870/100/0/threaded"
},
{
"name": "25787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25787"
},
{
"name": "25419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25419"
},
{
"name": "35821",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35821"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.virtuax.be/?page=library\u0026id=35\u0026type=Exploits"
},
{
"name": "20070611 Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial ofservice",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471192/100/0/threaded"
},
{
"name": "otrs-indexpl-xss(34164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34164"
},
{
"name": "23862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23862"
},
{
"name": "25205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25205"
},
{
"name": "35822",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35822"
},
{
"name": "DSA-1298",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1298"
},
{
"name": "2668",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2668"
},
{
"name": "SUSE-SR:2007:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "20070507 OTRS \u003c= 2.0.x XSS/XSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467870/100/0/threaded"
},
{
"name": "25787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25787"
},
{
"name": "25419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25419"
},
{
"name": "35821",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35821"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1698",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1698"
},
{
"name": "http://www.virtuax.be/?page=library\u0026id=35\u0026type=Exploits",
"refsource": "MISC",
"url": "http://www.virtuax.be/?page=library\u0026id=35\u0026type=Exploits"
},
{
"name": "20070611 Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial ofservice",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471192/100/0/threaded"
},
{
"name": "otrs-indexpl-xss(34164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34164"
},
{
"name": "23862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23862"
},
{
"name": "25205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25205"
},
{
"name": "35822",
"refsource": "OSVDB",
"url": "http://osvdb.org/35822"
},
{
"name": "DSA-1298",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1298"
},
{
"name": "2668",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2668"
},
{
"name": "SUSE-SR:2007:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "20070507 OTRS \u003c= 2.0.x XSS/XSRF",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467870/100/0/threaded"
},
{
"name": "25787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25787"
},
{
"name": "25419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25419"
},
{
"name": "35821",
"refsource": "OSVDB",
"url": "http://osvdb.org/35821"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2524",
"datePublished": "2007-05-08T23:00:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3476 (GCVE-0-2010-3476)
Vulnerability from cvelistv5
Published
2010-09-20 21:00
Modified
2024-08-07 03:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:44.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-regexpression-dos(61869)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-regexpression-dos(61869)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43264"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-2080",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41381"
},
{
"name": "http://otrs.org/advisory/OSA-2010-02-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-regexpression-dos(61869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43264"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3476",
"datePublished": "2010-09-20T21:00:00",
"dateReserved": "2010-09-20T00:00:00",
"dateUpdated": "2024-08-07T03:11:44.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4718 (GCVE-0-2013-4718)
Vulnerability from cvelistv5
Published
2021-08-09 18:03
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T18:03:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4718",
"datePublished": "2021-08-09T18:03:05",
"dateReserved": "2013-06-27T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20800 (GCVE-0-2018-20800)
Vulnerability from cvelistv5
Published
2019-03-13 22:00
Modified
2024-09-17 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:28.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-13T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20800",
"datePublished": "2019-03-13T22:00:00Z",
"dateReserved": "2019-03-13T00:00:00Z",
"dateUpdated": "2024-09-17T00:42:05.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14635 (GCVE-0-2017-14635)
Vulnerability from cvelistv5
Published
2017-09-21 13:00
Modified
2024-08-05 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4021",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4021",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4021",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4021"
},
{
"name": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14635",
"datePublished": "2017-09-21T13:00:00",
"dateReserved": "2017-09-21T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1433 (GCVE-0-2011-1433)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"name": "otrs-agentinterface-info-disc(66196)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"name": "otrs-agentinterface-info-disc(66196)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=6878",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"name": "otrs-agentinterface-info-disc(66196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1433",
"datePublished": "2011-03-18T16:00:00",
"dateReserved": "2011-03-18T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21440 (GCVE-0-2021-21440)
Vulnerability from cvelistv5
Published
2021-07-26 04:25
Modified
2024-09-16 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.27",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.14",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julian Droste"
}
],
"datePublic": "2021-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:58.211209",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.15 or OTRS 7.0.28."
}
],
"source": {
"advisory": "OSA-2021-10",
"defect": [
"2021050342000331"
],
"discovery": "USER"
},
"title": "Support Bundle includes S/Mime and PGP keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21440",
"datePublished": "2021-07-26T04:25:37.050952Z",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-09-16T17:43:49.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10198 (GCVE-0-2018-10198)
Vulnerability from cvelistv5
Published
2018-06-06 20:00
Modified
2024-08-05 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-06T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10198",
"datePublished": "2018-06-06T20:00:00",
"dateReserved": "2018-04-18T00:00:00",
"dateUpdated": "2024-08-05T07:32:01.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3501 (GCVE-0-2022-3501)
Vulnerability from cvelistv5
Published
2022-10-17 08:55
Modified
2025-05-10 02:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Article template contents with sensitive data could be accessed from agents without permissions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Accessing template content without permissions | OTRS |
Version: 8.0.x < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:54:22.279923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:54:36.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "Accessing template content without permissions",
"versions": [
{
"lessThanOrEqual": "8.0.25",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Article template contents with sensitive data could be accessed from agents without permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.26"
}
],
"source": {
"advisory": "OSA-2022-14",
"defect": [
"2022090142001791"
],
"discovery": "USER"
},
"title": "Information exposure of template content due to missing check of permissions",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-3501",
"datePublished": "2022-10-17T08:55:11.089Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:54:36.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1776 (GCVE-0-2020-1776)
Vulnerability from cvelistv5
Published
2020-07-20 21:04
Modified
2024-09-17 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.x < |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-13/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.28",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.4",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marvin Voormann"
}
],
"datePublic": "2020-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:12.227150",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-13/"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 8.0.5, OTRS 7.0.19, ((OTRS)) Community Edition 6.0.29\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/4514f95f747be368c3dc9a9452ff9aa66506648d"
}
],
"source": {
"advisory": "OSA-2020-13",
"defect": [
"2020052042004084"
],
"discovery": "INTERNAL"
},
"title": "Invalidating or changing user does not invalidate session",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1776",
"datePublished": "2020-07-20T21:04:19.291845Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-17T00:26:58.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3894 (GCVE-0-2005-3894)
Vulnerability from cvelistv5
Published
2005-11-29 21:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"name": "21067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "otrs-queue-selection-xss(23356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23356"
},
{
"name": "DSA-973",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18101"
},
{
"name": "otrs-index-xss(23359)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23359"
},
{
"name": "SUSE-SR:2005:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "1015262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015262"
},
{
"name": "17685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15537/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"name": "21067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "otrs-queue-selection-xss(23356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23356"
},
{
"name": "DSA-973",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18101"
},
{
"name": "otrs-index-xss(23359)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23359"
},
{
"name": "SUSE-SR:2005:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "1015262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015262"
},
{
"name": "17685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15537/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"name": "21067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21067"
},
{
"name": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"name": "http://otrs.org/advisory/OSA-2005-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "otrs-queue-selection-xss(23356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23356"
},
{
"name": "DSA-973",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18101"
},
{
"name": "otrs-index-xss(23359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23359"
},
{
"name": "SUSE-SR:2005:030",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "1015262",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015262"
},
{
"name": "17685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15537/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3894",
"datePublished": "2005-11-29T21:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12497 (GCVE-0-2019-12497)
Vulnerability from cvelistv5
Published
2019-06-17 00:00
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:24.082289",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12497",
"datePublished": "2019-06-17T00:00:00",
"dateReserved": "2019-05-31T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7275 (GCVE-0-2008-7275)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 17:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3287",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3287"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7275",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T17:34:16.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7567 (GCVE-0-2018-7567)
Vulnerability from cvelistv5
Published
2018-03-04 20:00
Modified
2024-08-05 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0day.today/exploit/29938"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating \"the behaviour is as designed and needed for different packages to be installed\", \"there is a security warning if the package is not verified by OTRS Group\", and \"there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0day.today/exploit/29938"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating \"the behaviour is as designed and needed for different packages to be installed\", \"there is a security warning if the package is not verified by OTRS Group\", and \"there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0day.today/exploit/29938",
"refsource": "MISC",
"url": "https://0day.today/exploit/29938"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7567",
"datePublished": "2018-03-04T20:00:00",
"dateReserved": "2018-02-28T00:00:00",
"dateUpdated": "2024-08-05T06:31:05.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4758 (GCVE-0-2010-4758)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:34.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=6302",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4758",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:44.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1515 (GCVE-0-2008-1515)
Vulnerability from cvelistv5
Published
2008-04-01 17:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29622"
},
{
"name": "29859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29859"
},
{
"name": "SUSE-SR:2008:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2008-01-en/"
},
{
"name": "28647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28647"
},
{
"name": "29585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29585"
},
{
"name": "FEDORA-2008-3100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html"
},
{
"name": "otrs-soapinterface-weak-security(41577)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to \"read and modify objects\" via SOAP requests, related to \"Missing security checks.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29622"
},
{
"name": "29859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29859"
},
{
"name": "SUSE-SR:2008:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2008-01-en/"
},
{
"name": "28647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28647"
},
{
"name": "29585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29585"
},
{
"name": "FEDORA-2008-3100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html"
},
{
"name": "otrs-soapinterface-weak-security(41577)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to \"read and modify objects\" via SOAP requests, related to \"Missing security checks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29622"
},
{
"name": "29859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29859"
},
{
"name": "SUSE-SR:2008:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name": "http://otrs.org/advisory/OSA-2008-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2008-01-en/"
},
{
"name": "28647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28647"
},
{
"name": "29585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29585"
},
{
"name": "FEDORA-2008-3100",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html"
},
{
"name": "otrs-soapinterface-weak-security(41577)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1515",
"datePublished": "2008-04-01T17:00:00",
"dateReserved": "2008-03-25T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5057 (GCVE-0-2009-5057)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 23:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3462",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5057",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:42.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2746 (GCVE-0-2011-2746)
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:24.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45894"
},
{
"name": "49251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49251"
},
{
"name": "74602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/74602"
},
{
"name": "openSUSE-SU-2011:1017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html"
},
{
"name": "45701",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45701"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2011-03-en/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45894"
},
{
"name": "49251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49251"
},
{
"name": "74602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/74602"
},
{
"name": "openSUSE-SU-2011:1017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html"
},
{
"name": "45701",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45701"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2011-03-en/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45894"
},
{
"name": "49251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49251"
},
{
"name": "74602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74602"
},
{
"name": "openSUSE-SU-2011:1017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html"
},
{
"name": "45701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45701"
},
{
"name": "http://otrs.org/advisory/OSA-2011-03-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2011-03-en/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2746",
"datePublished": "2011-08-29T15:00:00",
"dateReserved": "2011-07-14T00:00:00",
"dateUpdated": "2024-08-06T23:08:24.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0475 (GCVE-0-2022-0475)
Vulnerability from cvelistv5
Published
2022-03-21 09:15
Modified
2024-09-17 02:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-05/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.32",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.19",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Bal\u00e1zs \u00dar for reporting these vulnerability."
}
],
"datePublic": "2022-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T09:15:38",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-05/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.33 and OTRS 8.0.20."
}
],
"source": {
"advisory": "OSA-2022-05",
"defect": [
"2021120142000652"
],
"discovery": "INTERNAL"
},
"title": "Possible XSS attack via translation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-03-21T09:00:00.000Z",
"ID": "CVE-2022-0475",
"STATE": "PUBLIC",
"TITLE": "Possible XSS attack via translation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.32"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.19"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Bal\u00e1zs \u00dar for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-05/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-05/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.33 and OTRS 8.0.20."
}
],
"source": {
"advisory": "OSA-2022-05",
"defect": [
"2021120142000652"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-0475",
"datePublished": "2022-03-21T09:15:38.679984Z",
"dateReserved": "2022-02-02T00:00:00",
"dateUpdated": "2024-09-17T02:01:40.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1766 (GCVE-0-2020-1766)
Vulnerability from cvelistv5
Published
2020-01-10 15:08
Modified
2024-09-17 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 5.0.x version 5.0.39 and prior versions Version: 6.0.x version 6.0.24 and prior versions |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "5.0.x version 5.0.39 and prior versions"
},
{
"status": "affected",
"version": "6.0.x version 6.0.24 and prior versions"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x version 7.0.13 and prior versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton Astaf\u0027ev"
}
],
"datePublic": "2020-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:59.708432",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25, ((OTRS)) Community Edition 5.0.40"
},
{
"lang": "en",
"value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 \nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a"
}
],
"source": {
"advisory": "OSA-2020-02",
"defect": [
"2019112942001838"
],
"discovery": "EXTERNAL"
},
"title": "Improper handling of uploaded inline images",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1766",
"datePublished": "2020-01-10T15:08:57.704919Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-17T00:10:59.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4768 (GCVE-0-2010-4768)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 23:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3499",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3499"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4768",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:25.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7280 (GCVE-0-2008-7280)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 21:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:35.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=2934",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2934"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7280",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T21:56:46.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1777 (GCVE-0-2020-1777)
Vulnerability from cvelistv5
Published
2020-10-15 18:52
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-15/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.21",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.6",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "L\u00e1szl\u00f3 Gyaraki"
}
],
"datePublic": "2020-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-15T18:52:13",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-15/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.22, OTRS 8.0.7"
}
],
"source": {
"advisory": "OSA-2020-15",
"defect": [
"2020052942000321"
],
"discovery": "INTERNAL"
},
"title": "Agent names disclosed in chat feature",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-10-12T00:00:00.000Z",
"ID": "CVE-2020-1777",
"STATE": "PUBLIC",
"TITLE": "Agent names disclosed in chat feature"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.21"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.6"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "L\u00e1szl\u00f3 Gyaraki"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2020-15/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-15/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.22, OTRS 8.0.7"
}
],
"source": {
"advisory": "OSA-2020-15",
"defect": [
"2020052942000321"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1777",
"datePublished": "2020-10-15T18:52:13.636983Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-17T01:16:05.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4751 (GCVE-0-2012-4751)
Vulnerability from cvelistv5
Published
2012-10-22 16:00
Modified
2024-08-06 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"name": "56093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56093"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-03"
},
{
"name": "VU#603276",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/603276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2013:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"name": "56093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56093"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-03"
},
{
"name": "VU#603276",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/603276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"name": "56093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56093"
},
{
"name": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py",
"refsource": "CONFIRM",
"url": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"name": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/",
"refsource": "CONFIRM",
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"name": "http://znuny.com/en/#!/advisory/ZSA-2012-03",
"refsource": "CONFIRM",
"url": "http://znuny.com/en/#!/advisory/ZSA-2012-03"
},
{
"name": "VU#603276",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/603276"
},
{
"name": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4751",
"datePublished": "2012-10-22T16:00:00",
"dateReserved": "2012-09-04T00:00:00",
"dateUpdated": "2024-08-06T20:42:55.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9139 (GCVE-0-2016-9139)
Vulnerability from cvelistv5
Published
2017-02-16 18:00
Modified
2024-08-06 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2016-02-security-update-otrs/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T10:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "94141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2016-02-security-update-otrs/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94141"
},
{
"name": "https://www.otrs.com/security-advisory-2016-02-security-update-otrs/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2016-02-security-update-otrs/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9139",
"datePublished": "2017-02-16T18:00:00",
"dateReserved": "2016-11-01T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2582 (GCVE-0-2012-2582)
Vulnerability from cvelistv5
Published
2012-08-23 10:00
Modified
2024-08-06 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/"
},
{
"name": "VU#582879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582879"
},
{
"name": "50513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50513"
},
{
"name": "DSA-2536",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-06T10:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "openSUSE-SU-2012:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/"
},
{
"name": "VU#582879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582879"
},
{
"name": "50513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50513"
},
{
"name": "DSA-2536",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:1105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html"
},
{
"name": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/",
"refsource": "CONFIRM",
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/"
},
{
"name": "VU#582879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582879"
},
{
"name": "50513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50513"
},
{
"name": "DSA-2536",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2582",
"datePublished": "2012-08-23T10:00:00",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13458 (GCVE-0-2019-13458)
Vulnerability from cvelistv5
Published
2019-08-21 00:00
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:H/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:07:03.072927",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"url": "https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13458",
"datePublished": "2019-08-21T00:00:00",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3893 (GCVE-0-2005-3893)
Vulnerability from cvelistv5
Published
2005-11-29 21:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21065"
},
{
"name": "18887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "DSA-973",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18101"
},
{
"name": "21064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21064"
},
{
"name": "otrs-login-sql-injection(23352)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23352"
},
{
"name": "SUSE-SR:2005:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "otrs-agentticketplain-sql-injection(23354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23354"
},
{
"name": "1015262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015262"
},
{
"name": "17685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15537/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21065"
},
{
"name": "18887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "DSA-973",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18101"
},
{
"name": "21064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21064"
},
{
"name": "otrs-login-sql-injection(23352)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23352"
},
{
"name": "SUSE-SR:2005:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "otrs-agentticketplain-sql-injection(23354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23354"
},
{
"name": "1015262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015262"
},
{
"name": "17685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15537/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21065"
},
{
"name": "18887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18887"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"name": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"name": "http://otrs.org/advisory/OSA-2005-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"name": "20051122 OTRS 1.x/2.x Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"name": "ADV-2005-2535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"name": "DSA-973",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"name": "18101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18101"
},
{
"name": "21064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21064"
},
{
"name": "otrs-login-sql-injection(23352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23352"
},
{
"name": "SUSE-SR:2005:030",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"name": "otrs-agentticketplain-sql-injection(23354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23354"
},
{
"name": "1015262",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015262"
},
{
"name": "17685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17685/"
},
{
"name": "15537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15537/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3893",
"datePublished": "2005-11-29T21:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39052 (GCVE-0-2022-39052)
Vulnerability from cvelistv5
Published
2022-10-17 08:55
Modified
2025-05-10 02:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | OTRS AG | OTRS |
Version: 7.0.x < Version: 8.0.x < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:55:15.763183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:55:29.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.39",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.26",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.26 or OTRS 7.0.38."
}
],
"source": {
"advisory": "OSA-2022-13",
"defect": [
"2022070642001105"
],
"discovery": "USER"
},
"title": "DoS attack using email",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-39052",
"datePublished": "2022-10-17T08:55:10.047Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:55:29.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4760 (GCVE-0-2010-4760)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=5975",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=5975"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4760",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T21:03:38.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23791 (GCVE-0-2024-23791)
Vulnerability from cvelistv5
Published
2024-01-29 09:21
Modified
2025-05-29 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:47.563428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:10:14.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Log Backend"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\u003c/p\u003e"
}
],
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-545",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-545 Pull Data from System Resources"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:21:00.278Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-02",
"defect": [
"Issue#1224",
"Ticket#2021091742001128"
],
"discovery": "USER"
},
"title": "Unnecessary data is written to log if issues during indexing occurs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23791",
"datePublished": "2024-01-29T09:21:00.278Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2025-05-29T15:10:14.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36092 (GCVE-0-2021-36092)
Vulnerability from cvelistv5
Published
2021-07-26 04:25
Modified
2024-09-17 03:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 6.0.1 < 6.0.x* |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-15/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.27",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.14",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-26T04:25:43",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-15/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.15 or OTRS 7.0.28."
}
],
"source": {
"advisory": "OSA-2021-15",
"defect": [
"2021061442000603"
],
"discovery": "USER"
},
"title": "XSS attack using special link in email",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-07-26T00:00:00.000Z",
"ID": "CVE-2021-36092",
"STATE": "PUBLIC",
"TITLE": "XSS attack using special link in email"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.27"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.14"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It\u0027s possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-15/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-15/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.15 or OTRS 7.0.28."
}
],
"source": {
"advisory": "OSA-2021-15",
"defect": [
"2021061442000603"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-36092",
"datePublished": "2021-07-26T04:25:43.381697Z",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-09-17T03:02:46.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32741 (GCVE-0-2022-32741)
Vulnerability from cvelistv5
Published
2022-06-13 08:01
Modified
2024-09-16 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-09/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.34",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.22",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Bal\u00e1zs \u00dar for reporting these vulnerability."
}
],
"datePublic": "2022-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Attacker is able to determine if the provided username exists (and it\u0027s valid) using Request New Password feature, based on the response time."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T08:01:04",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-09/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.23 or OTRS 7.0.35."
}
],
"source": {
"advisory": "OSA-2022-09",
"defect": [
"2022031842001181"
],
"discovery": "INTERNAL"
},
"title": "Information disclosure in Request New Password feature",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-06-13T07:00:00.000Z",
"ID": "CVE-2022-32741",
"STATE": "PUBLIC",
"TITLE": "Information disclosure in Request New Password feature"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.34"
},
{
"version_affected": "\u003c=",
"version_name": "8.0.x",
"version_value": "8.0.22"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Bal\u00e1zs \u00dar for reporting these vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attacker is able to determine if the provided username exists (and it\u0027s valid) using Request New Password feature, based on the response time."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-09/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-09/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.23 or OTRS 7.0.35."
}
],
"source": {
"advisory": "OSA-2022-09",
"defect": [
"2022031842001181"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-32741",
"datePublished": "2022-06-13T08:01:04.282221Z",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-09-16T16:43:46.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15864 (GCVE-0-2017-15864)
Vulnerability from cvelistv5
Published
2017-11-16 15:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4047",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4047",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4047",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"name": "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/"
},
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15864",
"datePublished": "2017-11-16T15:00:00",
"dateReserved": "2017-10-24T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1772 (GCVE-0-2020-1772)
Vulnerability from cvelistv5
Published
2020-03-27 12:47
Modified
2024-09-16 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 5.0.x < Version: 6.0.x < |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-09/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "5.0.41",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.26",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabian Henneke"
}
],
"datePublic": "2020-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:30.794451",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-09/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, 5.0.42\n\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b\nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/96cc7826d6ce260204ff629fc968edd2787b7f6b"
}
],
"source": {
"advisory": "OSA-2020-09",
"defect": [
"2020012742001563"
],
"discovery": "EXTERNAL"
},
"title": "Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1772",
"datePublished": "2020-03-27T12:47:49.502529Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T23:25:42.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2534 (GCVE-0-2023-2534)
Vulnerability from cvelistv5
Published
2023-05-08 07:29
Modified
2025-01-29 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via
ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation
and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-03/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T15:54:24.138248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T15:54:37.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Websocket API"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "8.0.32",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Special thanks to Maximilian Gutwein for reporting these vulnerability."
}
],
"datePublic": "2023-05-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via\u003cbr\u003eticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data).\u0026nbsp;Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation\u003cbr\u003eand the number of active users. (Flooding)\u003cp\u003eThis issue affects OTRS: from 8.0.X before 8.0.32.\u003c/p\u003e"
}
],
"value": "Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via\nticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data).\u00a0Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation\nand the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
},
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T07:55:19.365Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-03/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.32\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.32\n"
}
],
"source": {
"advisory": "OSA-2023-03",
"defect": [
"500",
"2022122042001337"
],
"discovery": "EXTERNAL"
},
"title": "Information disclouse and DoS via websocket push events",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-2534",
"datePublished": "2023-05-08T07:29:49.293Z",
"dateReserved": "2023-05-05T06:14:04.360Z",
"dateUpdated": "2025-01-29T15:54:37.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4765 (GCVE-0-2010-4765)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-17 02:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=4936",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4765",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:58.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1518 (GCVE-0-2011-1518)
Vulnerability from cvelistv5
Published
2011-04-18 18:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "44029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44029"
},
{
"name": "47323",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otrs.org/advisory/OSA-2011-01-en/"
},
{
"name": "ADV-2011-1186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1186"
},
{
"name": "71790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71790"
},
{
"name": "DSA-2231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2231"
},
{
"name": "otrs-multiple-unspecified-xss(66698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
},
{
"name": "44479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "44029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44029"
},
{
"name": "47323",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otrs.org/advisory/OSA-2011-01-en/"
},
{
"name": "ADV-2011-1186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1186"
},
{
"name": "71790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71790"
},
{
"name": "DSA-2231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2231"
},
{
"name": "otrs-multiple-unspecified-xss(66698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
},
{
"name": "44479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "44029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44029"
},
{
"name": "47323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47323"
},
{
"name": "http://otrs.org/advisory/OSA-2011-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2011-01-en/"
},
{
"name": "ADV-2011-1186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1186"
},
{
"name": "71790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71790"
},
{
"name": "DSA-2231",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2231"
},
{
"name": "otrs-multiple-unspecified-xss(66698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
},
{
"name": "44479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1518",
"datePublished": "2011-04-18T18:00:00",
"dateReserved": "2011-03-24T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1773 (GCVE-0-2020-1773)
Vulnerability from cvelistv5
Published
2020-03-27 12:47
Modified
2024-09-16 23:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-331 - Insufficient Entropy
Summary
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | OTRS AG | ((OTRS)) Community Edition |
Version: 5.0.41 and prior Version: 6.0.26 and prior |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-10/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "5.0.41 and prior"
},
{
"status": "affected",
"version": "6.0.26 and prior"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.15 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabian Henneke"
}
],
"datePublic": "2020-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:15.836917",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-10/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, 5.0.42\n\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e\nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77"
}
],
"source": {
"advisory": "OSA-2020-10",
"defect": [
"2020012742001563"
],
"discovery": "EXTERNAL"
},
"title": "Session / Password / Password token leak",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1773",
"datePublished": "2020-03-27T12:47:49.545851Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T23:27:05.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7276 (GCVE-0-2008-7276)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:35.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3133",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3133"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7276",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T20:22:37.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1768 (GCVE-0-2020-1768)
Vulnerability from cvelistv5
Published
2020-02-07 15:42
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T15:42:29",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.15"
}
],
"source": {
"advisory": "OSA-2020-04",
"defect": [
"2020011342001517"
],
"discovery": "USER"
},
"title": "External Interface does not invalidate session",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-02-07T00:00:00.000Z",
"ID": "CVE-2020-1768",
"STATE": "PUBLIC",
"TITLE": "External Interface does not invalidate session"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.14"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.15"
}
],
"source": {
"advisory": "OSA-2020-04",
"defect": [
"2020011342001517"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1768",
"datePublished": "2020-02-07T15:42:29.087385Z",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-09-16T19:09:28.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4766 (GCVE-0-2010-4766)
Vulnerability from cvelistv5
Published
2011-03-18 16:00
Modified
2024-09-16 23:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:34.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-18T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=4818",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4818"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4766",
"datePublished": "2011-03-18T16:00:00Z",
"dateReserved": "2011-03-18T00:00:00Z",
"dateUpdated": "2024-09-16T23:27:10.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21438 (GCVE-0-2021-21438)
Vulnerability from cvelistv5
Published
2021-03-22 08:50
Modified
2024-09-17 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Summary
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-08/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FAQ",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.29",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Christopher Theuerkauf"
}
],
"datePublic": "2021-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T08:50:17",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-08/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 7.0.25."
}
],
"source": {
"advisory": "OSA-2021-08",
"defect": [
"2021020842001809"
],
"discovery": "USER"
},
"title": "FAQ articles are shown to users without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-03-22T00:00:00.000Z",
"ID": "CVE-2021-21438",
"STATE": "PUBLIC",
"TITLE": "FAQ articles are shown to users without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FAQ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.0.x",
"version_value": "6.0.29"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.0.24"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Christopher Theuerkauf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-08/",
"refsource": "MISC",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-08/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 7.0.25."
}
],
"source": {
"advisory": "OSA-2021-08",
"defect": [
"2021020842001809"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21438",
"datePublished": "2021-03-22T08:50:17.683469Z",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-09-17T01:46:15.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9753 (GCVE-0-2019-9753)
Vulnerability from cvelistv5
Published
2019-06-03 18:05
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T18:05:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9753",
"datePublished": "2019-06-03T18:05:33",
"dateReserved": "2019-03-13T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-06 14:15
Modified
2024-11-21 06:13
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "3B2D503B-661B-43EC-9902-D0613A037AA4",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "336DCF0F-236B-46A0-A112-A201F9B6014D",
"versionEndExcluding": "7.0.29",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Malicious attacker is able to find out valid user logins by using the \"lost password\" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions."
},
{
"lang": "es",
"value": "Un atacante malicioso es capaz de averiguar los inicios de sesi\u00f3n v\u00e1lidos de usuarios al usar la funcionalidad \"lost password\". Este problema afecta a: OTRS AG ((OTRS)) Community Edition versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS versi\u00f3n 7.0.x, versi\u00f3n 7.0.28 y versiones anteriores."
}
],
"id": "CVE-2021-36095",
"lastModified": "2024-11-21T06:13:08.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-06T14:15:07.313",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-18/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-18/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-20 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2010-02-en/ | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/41381 | Vendor Advisory | |
| cve@mitre.org | http://security-tracker.debian.org/tracker/CVE-2010-2080 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/43264 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61869 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2010-02-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41381 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security-tracker.debian.org/tracker/CVE-2010-2080 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/43264 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61869 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8 no controla correctamente la adecuaci\u00f3n de las expresiones regulares de Perl contra los mensajes de correo electr\u00f3nico HTML, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un mensaje grande, es una vulnerabilidad distinta a CVE-2010-2080."
}
],
"id": "CVE-2010-3476",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-20T22:00:04.673",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41381"
},
{
"source": "cve@mitre.org",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/43264"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-20 21:15
Modified
2024-11-21 05:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "3AE566F3-4B9B-41EB-BC44-344A6DDDC96E",
"versionEndExcluding": "6.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "509BA09E-2D3D-44D1-86A2-836CEEBFDA8C",
"versionEndExcluding": "7.0.19",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "829A5F02-F738-4B71-BF9A-1511694E395E",
"versionEndExcluding": "8.0.5",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions."
},
{
"lang": "es",
"value": "Cuando un usuario de agente es renombrado o se establece como no v\u00e1lido, la sesi\u00f3n que pertenece al usuario se mantiene activa. La sesi\u00f3n no puede ser usada para acceder a los datos del ticket en caso de que el agente no sea v\u00e1lido. Este problema afecta a ((OTRS)) Community Edition: versiones 6.0.28 y anteriores. OTRS: versiones 7.0.18 y anteriores, versiones 8.0.4. y anteriores"
}
],
"id": "CVE-2020-1776",
"lastModified": "2024-11-21T05:11:22.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-20T21:15:12.577",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-13/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-05 07:15
Modified
2024-11-21 07:17
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A",
"versionEndIncluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB57B12-C33A-499A-AD20-7608053FB2B1",
"versionEndExcluding": "7.0.37",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9BA949-D450-43E5-907C-CC981270C588",
"versionEndExcluding": "8.0.25",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package"
},
{
"lang": "es",
"value": "El atacante podr\u00eda ser capaz de ejecutar c\u00f3digo Perl malicioso en el kit de herramientas Template, haciendo que el administrador instale un paquete de 3\u00aa parte no verificado"
}
],
"id": "CVE-2022-39051",
"lastModified": "2024-11-21T07:17:27.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-05T07:15:08.117",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=4936 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=4936 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F90276C6-4CF4-4E3A-87F5-F4EA3F4B36C0",
"versionEndIncluding": "2.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en el m\u00e9todo Kernel::System::Main::FileWrite en Open Ticket Request System (OTRS) anterior a v2.4.8 permite a usuarios remotos autenticados corromper los datos en TicketCounter.log en circunstancias oportunistas mediante la creaci\u00f3n de tickets."
}
],
"id": "CVE-2010-4765",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 13:15
Modified
2024-11-21 05:11
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | ||
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | ||
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | ||
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-10/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-10/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "D59B7180-350C-4CB2-82F6-DE65E13AEED9",
"versionEndIncluding": "5.0.41",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "0EF80E5E-ED59-4BEE-9EBF-34485DCABED1",
"versionEndIncluding": "6.0.26",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57789F0A-B1F9-4E57-BA71-5558A285D1CA",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions."
},
{
"lang": "es",
"value": "Un atacante con la capacidad de generar ID de sesi\u00f3n o tokens de restablecimiento de contrase\u00f1a, ya sea mediante la autenticaci\u00f3n o la explotaci\u00f3n de OSA-2020-09, puede predecir ID de sesi\u00f3n de otros usuarios, tokens de restablecimiento de contrase\u00f1a y contrase\u00f1as generadas autom\u00e1ticamente. Este problema afecta a ((OTRS)) Community Edition: versiones 5.0.41 y versiones anteriores, versiones 6.0.26 y versiones anteriores. OTRS; versiones 7.0.15 y anteriores."
}
],
"id": "CVE-2020-1773",
"lastModified": "2024-11-21T05:11:21.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T13:15:15.473",
"references": [
{
"source": "security@otrs.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-10/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=2539 | Patch | |
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=2844 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=2539 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=2844 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05789283-BD1A-4C3E-AD5F-9411D9216571",
"versionEndIncluding": "2.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
},
{
"lang": "es",
"value": "La funci\u00f3n S/MIME en Open Ticket Request System (OTRS) anterior a v2.2.5, y v2.3.x anteriores a v2.3.0-beta1, no configura correctamente la variable de entorno RANDFILE para OpenSSL, lo que podr\u00eda facilitar a los atacantes remotos descifrar mensajes de correo electr\u00f3nico que ten\u00edan menos entrop\u00eda de la previsto para operaciones de cifrado, relacionado con la imposibilidad de escribir en el fichero de generaci\u00f3n de semilla para claves."
}
],
"id": "CVE-2008-7278",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-31 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/50615 | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/511404 | Exploit, US Government Resource | |
| cve@mitre.org | http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/ | Vendor Advisory | |
| cve@mitre.org | http://znuny.com/en/#%21/advisory/ZSA-2012-02 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/511404 | Exploit, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://znuny.com/en/#%21/advisory/ZSA-2012-02 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 2.4.11 | |
| otrs | otrs | 2.4.12 | |
| otrs | otrs | 2.4.13 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 | |
| otrs | otrs | 3.0.5 | |
| otrs | otrs | 3.0.6 | |
| otrs | otrs | 3.0.7 | |
| otrs | otrs | 3.0.8 | |
| otrs | otrs | 3.0.9 | |
| otrs | otrs | 3.0.10 | |
| otrs | otrs | 3.0.11 | |
| otrs | otrs | 3.0.12 | |
| otrs | otrs | 3.0.13 | |
| otrs | otrs | 3.0.14 | |
| otrs | otrs | 3.0.15 | |
| otrs | otrs_itsm | 3.0.0 | |
| otrs | otrs_itsm | 3.0.1 | |
| otrs | otrs_itsm | 3.0.2 | |
| otrs | otrs_itsm | 3.0.3 | |
| otrs | otrs_itsm | 3.0.4 | |
| otrs | otrs_itsm | 3.0.5 | |
| otrs | otrs_itsm | 3.0.6 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EC028B45-B693-457B-8D2C-312C7363593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE458E4-7394-48EB-8711-BC360036C082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAA8183-513A-43E4-AAE2-5E654F95B4E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6605C7-A589-43BD-BB4A-1917D964569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "388F9AA8-CFF2-4742-B594-A5462DA424FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5587B6D5-9219-4429-BA50-723CDA760377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2914F4-C45B-4CBA-8EF4-DA1FEC309895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "61B492D3-5659-4F8B-A0B9-3F5937203BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5258544-BF7A-4C64-88A6-C95E4482FA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3949B8-D461-4C94-AE6C-89122AC5C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF4FD28-8DF9-466B-8CDE-8077CADFEC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF64AA5-50E6-4D3B-8F60-1D80C9BBDC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB590BAC-7E69-447B-B4AD-E813F92CDF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED128D4-28F0-4FF9-AB2D-6D47952EF4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17E88594-DDBF-4568-9CC7-F4F5D9306F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "365194D1-0288-4804-9C30-2AD6C39118C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Open System Request Ticket (OTRS) Help Desk v2.4.x antes de v2.4.14, v3.0.x antes de v3.0.16, y v3.1.x antes de v3.1.10, cuando se usa Firefox u Opera, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un cuerpo de mensaje de correo electr\u00f3nico con etiquetas HTML anidadas.\r\n"
}
],
"id": "CVE-2012-4600",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-31T14:55:01.293",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50615"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/511404"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"source": "cve@mitre.org",
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/511404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-26 05:15
Modified
2024-11-21 06:13
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2021-14/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2021-14/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F5D891B0-0AE0-4F3F-B3D3-F6EED61AD204",
"versionEndExcluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A658717B-6A53-42A3-AEE6-8FB0F9F9024A",
"versionEndExcluding": "7.0.28",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27."
},
{
"lang": "es",
"value": "Unos agentes pueden listar citas en los calendarios sin los permisos necesarios. Este problema afecta a: OTRS AG ((OTRS)) Community Edition: versi\u00f3n 6.0.x versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS: versiones 7.0.x anteriores a 7.0.27"
}
],
"id": "CVE-2021-36091",
"lastModified": "2024-11-21T06:13:08.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-26T05:15:07.577",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-14/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-14/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 08:15
Modified
2024-11-21 07:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC37884-BF0A-4F67-AFC3-1C95BE001A55",
"versionEndExcluding": "7.0.35",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01314391-90B9-4D17-9571-7EE08FEF0D5C",
"versionEndExcluding": "8.0.23",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Attacker is able to determine if the provided username exists (and it\u0027s valid) using Request New Password feature, based on the response time."
},
{
"lang": "es",
"value": "El atacante es capaz de determinar si el nombre de usuario proporcionado se presenta (y es v\u00e1lido) usando la funcionalidad Request New Password, bas\u00e1ndose en el tiempo de respuesta"
}
],
"id": "CVE-2022-32741",
"lastModified": "2024-11-21T07:06:52.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T08:15:19.083",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-09/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-09/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-29 10:15
Modified
2024-11-21 08:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E47E75A-C9A9-40EE-A5DE-B4CDD98E7B7F",
"versionEndExcluding": "7.0.49",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9B2075-4C3E-48C9-96DA-655E4F29325A",
"versionEndExcluding": "2024.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funcionalidad de carga de avatares de usuarios permite un mal uso de la funcionalidad debido a la falta de verificaci\u00f3n de los tipos de archivos. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.48, desde 8.0.X hasta 8.0.37, desde 2023 hasta 2023.1.1."
}
],
"id": "CVE-2024-23790",
"lastModified": "2024-11-21T08:58:25.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T10:15:08.263",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-21 14:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| cve@mitre.org | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "92CBFC5A-5DBE-40B4-BC25-84E50DBF8799",
"versionEndIncluding": "5.0.36",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "7797BAF4-EBCD-49B4-B5BC-E19B6EEE5DF9",
"versionEndIncluding": "6.0.19",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el Open Ticket Request System (OTRS) Community Edition 5.0.x hasta 5.0.36 y 6.0.x hasta 6.0.19. Un usuario que inici\u00f3 sesi\u00f3n en OTRS como agente podr\u00eda revelar sin saberlo su ID de sesi\u00f3n al compartir el enlace de un art\u00edculo de ticket incrustado con terceros. Este identificador puede ser potencialmente abusado para suplantar al usuario del agente."
}
],
"id": "CVE-2019-12746",
"lastModified": "2024-11-21T04:23:29.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T14:15:10.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-08 13:15
Modified
2024-11-21 03:43
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.otrs.org/pipermail/announce/2018/000720.html | Vendor Advisory | |
| cve@mitre.org | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.otrs.org/pipermail/announce/2018/000720.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE42F9A-FF2E-4F49-B28A-4C6E080BF1E1",
"versionEndIncluding": "6.0.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer\u0027s browser in the context of the OTRS customer panel application."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Open Ticket Request System (OTRS) versi\u00f3n 6.0.x hasta 6.0.7. Un correo electr\u00f3nico cuidadosamente construido podr\u00eda ser utilizado para inyectar y ejecutar hojas de estilo o c\u00f3digo JavaScript en un navegador del cliente que haya iniciado sesi\u00f3n en el contexto de la aplicaci\u00f3n del panel de cliente de OTRS."
}
],
"id": "CVE-2018-11563",
"lastModified": "2024-11-21T03:43:37.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-08T13:15:10.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.otrs.org/pipermail/announce/2018/000720.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.otrs.org/pipermail/announce/2018/000720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=2544 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=2544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4C63B5-E525-45F3-A2A5-C0AF76F7A4F4",
"versionEndIncluding": "2.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.2.6, cuando el grupo de atenci\u00f3n al cliente est\u00e1 habilitada, permite a usuarios remotos autenticados eludir restricciones de acceso y realizar actualizaciones de la interfaz web a los tickets mediante el aprovechamiento de la cola de los permisos de lectura."
}
],
"id": "CVE-2008-7283",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2544"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=2544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-22 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html | ||
| cve@mitre.org | http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/603276 | US Government Resource | |
| cve@mitre.org | http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/ | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/56093 | ||
| cve@mitre.org | http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py | Exploit | |
| cve@mitre.org | http://znuny.com/en/#%21/advisory/ZSA-2012-03 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/603276 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56093 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://znuny.com/en/#%21/advisory/ZSA-2012-03 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 2.4.11 | |
| otrs | otrs | 2.4.12 | |
| otrs | otrs | 2.4.13 | |
| otrs | otrs | 2.4.14 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 | |
| otrs | otrs | 3.0.5 | |
| otrs | otrs | 3.0.6 | |
| otrs | otrs | 3.0.7 | |
| otrs | otrs | 3.0.8 | |
| otrs | otrs | 3.0.9 | |
| otrs | otrs | 3.0.10 | |
| otrs | otrs | 3.0.11 | |
| otrs | otrs | 3.0.12 | |
| otrs | otrs | 3.0.13 | |
| otrs | otrs | 3.0.14 | |
| otrs | otrs | 3.0.15 | |
| otrs | otrs | 3.0.16 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 | |
| otrs | otrs | 3.1.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EC028B45-B693-457B-8D2C-312C7363593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE458E4-7394-48EB-8711-BC360036C082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAA8183-513A-43E4-AAE2-5E654F95B4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EF68D197-5F0F-4E34-986F-A06B82EDE06F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6605C7-A589-43BD-BB4A-1917D964569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "388F9AA8-CFF2-4742-B594-A5462DA424FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5587B6D5-9219-4429-BA50-723CDA760377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2914F4-C45B-4CBA-8EF4-DA1FEC309895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "61B492D3-5659-4F8B-A0B9-3F5937203BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5258544-BF7A-4C64-88A6-C95E4482FA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "706EACAF-7E79-4809-8206-818145101E48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) Help Desk v2.4.x antes de v2.4.15, v3.0.x antes v3.0.17, y v3.1.x antes de v3.1.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un cuerpo de mensaje de correo electr\u00f3nico con un espacio en blanco antes de un javascript: URL en el atributo SRC de un elemento, como lo demuestra un elemento IFRAME."
}
],
"id": "CVE-2012-4751",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-22T16:55:01.680",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/603276"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56093"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"source": "cve@mitre.org",
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/603276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://znuny.com/en/#%21/advisory/ZSA-2012-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-22 00:29
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/ | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA474EF0-B6F0-41C8-9CD2-FCCB19EA6D92",
"versionEndIncluding": "5.0.34",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85151323-32CE-4839-AA73-60F8725E879B",
"versionEndIncluding": "6.0.17",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C6B27-26D4-453E-9142-3C193A4A530E",
"versionEndIncluding": "7.0.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en Open Ticket Request System (OTRS) en las versiones 5.x hasta 5.0.34, 6.x hasta 6.0.17, y 7.x hasta 7.0.6. Un atacante logeado en OTRS como un agente de usuario con los permisos apropiados puede intentar importar un Report Statistics XML creado minuciosamente que le dar\u00e1 como resultado la lectura de archivos arbitrarios en OTRS filesystem."
}
],
"id": "CVE-2019-9892",
"lastModified": "2024-11-21T04:52:31.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-22T00:29:02.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=2696 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=2696 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4C63B5-E525-45F3-A2A5-C0AF76F7A4F4",
"versionEndIncluding": "2.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors."
},
{
"lang": "es",
"value": "Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm en Open Ticket Request System (OTRS) anteriores a v2.2.6, cuando las opciones CustomerPanelOwnSelection y CustomerGroupSupport est\u00e1n habilitados, permite a usuarios remotos autenticados eludir las restricciones de acceso previsto, y llevar a cabo determinadas operaciones (1) list y (2) write en las colas, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-7282",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2696"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-08 23:19
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/35821 | ||
| cve@mitre.org | http://osvdb.org/35822 | ||
| cve@mitre.org | http://secunia.com/advisories/25205 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25419 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25787 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/2668 | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1298 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_13_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/467870/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/471192/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/23862 | Exploit | |
| cve@mitre.org | http://www.virtuax.be/?page=library&id=35&type=Exploits | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1698 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34164 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/35821 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/35822 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25205 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25787 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2668 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1298 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_13_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/467870/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/471192/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23862 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.virtuax.be/?page=library&id=35&type=Exploits | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34164 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo index.pl en Open Ticket Request System (OTRS) versi\u00f3n 2.0.x, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro Subaction en una acci\u00f3n AgentTicketMailbox. NOTA: DEBIAN: DSA-1299 originalmente us\u00f3 este identificador para un problema de ipsec-tools, pero el identificador adecuado para el problema de ipsec-tools es CVE-2007-1841."
}
],
"id": "CVE-2007-2524",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-08T23:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35821"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35822"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25419"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25787"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2668"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1298"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/467870/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471192/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23862"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.virtuax.be/?page=library\u0026id=35\u0026type=Exploits"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1698"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/467870/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471192/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.virtuax.be/?page=library\u0026id=35\u0026type=Exploits"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34164"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-21 10:15
Modified
2024-11-21 06:39
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2022-06/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2022-06/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30351839-9649-4552-B591-06B3D277C747",
"versionEndExcluding": "7.0.33",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFE2E2D-DAC9-4F55-B521-F7268785B248",
"versionEndExcluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled."
},
{
"lang": "es",
"value": "La hora contabilizada es mostrada en la Visualizaci\u00f3n Detallada del Ticket (Interfaz Externa), incluso si ExternalFrontend::TicketDetailView###AccountedTimeDisplay est\u00e1 deshabilitado"
}
],
"id": "CVE-2022-1004",
"lastModified": "2024-11-21T06:39:50.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-21T10:15:07.957",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-06/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-06/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-11 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73162541/index.html | ||
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019 | ||
| vultures@jpcert.or.jp | http://secunia.com/advisories/43960 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://hermes.opensuse.org/messages/7797670 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73162541/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43960 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/7797670 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3A920C-BAF4-4252-B543-4FE1828043A5",
"versionEndIncluding": "2.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection vulnerability.\""
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en el archivo webscript.pl en Open Ticket Request System (OTRS) versi\u00f3n 2.3.4 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados, relacionados a una \"command injection vulnerability.\""
}
],
"id": "CVE-2011-0456",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-11T17:55:02.667",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN73162541/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43960"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://hermes.opensuse.org/messages/7797670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN73162541/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/7797670"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-24 09:15
Modified
2024-11-21 08:12
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.
This issue affects OTRS: from 8.0.X before 8.0.35.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EED0854F-D955-41C1-88D9-4C8265F75FDE",
"versionEndExcluding": "8.0.35",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.\nThis issue affects OTRS: from 8.0.X before 8.0.35.\n\n"
}
],
"id": "CVE-2023-38058",
"lastModified": "2024-11-21T08:12:46.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-24T09:15:10.003",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-07/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-07/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-26 05:15
Modified
2024-11-21 05:48
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2021-13/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2021-13/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A",
"versionEndIncluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F285C0-B9FC-4AF7-85D0-19F6594AAB7B",
"versionEndIncluding": "7.0.27",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27."
},
{
"lang": "es",
"value": "Unos agentes pueden enumerar los correos electr\u00f3nicos de los usuarios de los clientes sin los permisos requeridos en la pantalla de acciones masivas. Este problema afecta a: OTRS AG ((OTRS)) Community Edition: versi\u00f3n 6.0.x versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS: versiones 7.0.x anteriores a 7.0.27"
}
],
"id": "CVE-2021-21443",
"lastModified": "2024-11-21T05:48:23.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-26T05:15:07.507",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-13/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 08:15
Modified
2024-11-21 08:58
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E122DB1-85DB-4430-A8C2-1B599364FD1F",
"versionEndExcluding": "2024.5.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en la funcionalidad de edici\u00f3n en l\u00ednea de OTRS puede provocar una escalada de privilegios. Esta falla permite que un agente con permisos de solo lectura obtenga acceso completo a un ticket. Este problema surge en casos muy raros cuando un administrador ha habilitado previamente la configuraci\u00f3n \u0027RequiredLock\u0027 de \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 en la configuraci\u00f3n del sistema. Este problema afecta a OTRS: * 8.0.X * 2023.X * desde 2024.X hasta 2024.4.x"
}
],
"id": "CVE-2024-23794",
"lastModified": "2024-11-21T08:58:25.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T08:15:02.470",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-23 16:15
Modified
2024-11-21 05:11
Severity ?
4.1 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-16/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-16/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E840BC83-9046-429B-8B6D-7B372C053D98",
"versionEndIncluding": "8.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions."
},
{
"lang": "es",
"value": "Cuando OTRS usa m\u00faltiples backends para la autenticaci\u00f3n de usuarios (con LDAP), unos agentes pueden iniciar sesi\u00f3n incluso si la cuenta est\u00e1 ajustada como no v\u00e1lida.\u0026#xa0;Este problema afecta a OTRS;\u0026#xa0;versiones 8.0.9 y anteriores"
}
],
"id": "CVE-2020-1778",
"lastModified": "2024-11-21T05:11:22.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-23T16:15:13.120",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-16/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-16/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-10 15:15
Modified
2024-11-21 05:11
Severity ?
2.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html | Mailing List, Not Applicable, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-02/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html | Mailing List, Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-02/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "930593FF-E99D-46BB-AABD-9562CC94B8D3",
"versionEndIncluding": "5.0.39",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "69D1FDA1-32D6-4793-AB1D-ED9F0A17939F",
"versionEndIncluding": "6.0.24",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D86D6CD7-52CC-47B5-8075-462D4A3099FC",
"versionEndIncluding": "7.0.13",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."
},
{
"lang": "es",
"value": "Debido al manejo inapropiado de las im\u00e1genes cargadas, es posible, en condiciones muy extra\u00f1as y poco frecuentes, forzar al navegador de los agentes a ejecutar JavaScript malicioso desde un archivo SVG especial dise\u00f1ado tal y como un archivo jpg en l\u00ednea. Este problema afecta a: ((OTRS)) Community Edition versiones 5.0.x versi\u00f3n 5.0.39 y anteriores; versiones 6.0.x versi\u00f3n 6.0.24 y anteriores. OTRS versiones 7.0.x versi\u00f3n 7.0.13 y anteriores."
}
],
"id": "CVE-2020-1766",
"lastModified": "2024-11-21T05:11:20.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-10T15:15:12.050",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-07 11:15
Modified
2024-11-21 06:38
Severity ?
3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC061B8B-BDEF-4F4E-A556-F4873C2CF556",
"versionEndExcluding": "7.0.32",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions."
},
{
"lang": "es",
"value": "Los administradores de OTRS pueden configurar el campo din\u00e1mico e inyectar c\u00f3digo JavaScript malicioso en el mensaje de error de la comprobaci\u00f3n de la expresi\u00f3n regular. Cuando es usado en la interfaz del agente, el c\u00f3digo malicioso podr\u00eda ejecutarse en el navegador. Este problema afecta a: OTRS AG OTRS 7.0.x versi\u00f3n: 7.0.31 y versiones anteriores"
}
],
"id": "CVE-2022-0473",
"lastModified": "2024-11-21T06:38:42.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-07T11:15:07.820",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-04 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=10099 | ||
| cve@mitre.org | http://osvdb.org/102632 | ||
| cve@mitre.org | http://secunia.com/advisories/56644 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/56655 | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2014/dsa-2867 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/01/29/15 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/01/29/7 | ||
| cve@mitre.org | https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7 | Exploit, Patch | |
| cve@mitre.org | https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312 | Exploit, Patch | |
| cve@mitre.org | https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77 | Exploit, Patch | |
| cve@mitre.org | https://www.otrs.com/release-notes-otrs-help-desk-3-3-4 | ||
| cve@mitre.org | https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=10099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/102632 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56644 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56655 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2867 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/01/29/15 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/01/29/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/release-notes-otrs-help-desk-3-3-4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.1 | |
| otrs | otrs | 3.2.2 | |
| otrs | otrs | 3.2.3 | |
| otrs | otrs | 3.2.4 | |
| otrs | otrs | 3.2.5 | |
| otrs | otrs | 3.2.6 | |
| otrs | otrs | 3.2.7 | |
| otrs | otrs | 3.2.8 | |
| otrs | otrs | 3.2.9 | |
| otrs | otrs | 3.2.10 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 | |
| otrs | otrs | 3.1.10 | |
| otrs | otrs | 3.1.11 | |
| otrs | otrs | 3.1.13 | |
| otrs | otrs | 3.1.14 | |
| otrs | otrs | 3.1.15 | |
| otrs | otrs | 3.1.16 | |
| otrs | otrs | 3.1.17 | |
| otrs | otrs | 3.1.18 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2206E940-7C63-43A5-A041-CA13A84312A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EB051883-3917-414F-8A36-B51E833451E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "445641C8-5D1E-463E-8C00-1CD4E18B2B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "24C72855-1DF6-4456-A68A-89458C2EA7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A84F186F-D5F9-4968-BA39-2B44FFD2119F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F58F68B-CCB5-408B-A721-05E355E9A2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C41A2AB-BED9-4185-A71B-23F6CF101DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF18770-E861-4689-9040-A6E4BCB03D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77E1C1A9-4835-467D-8FA9-D93814634476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "097B8F4A-66E7-46E9-B624-EA26F8687181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B223E5A-9A4B-466B-BC0F-4C0400E70E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D8237-63CD-4075-B533-3E537A5B0D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8821F99A-24D8-483E-AD56-AA5D34BF47FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B6966E-47DA-4852-87E0-E768CCE07012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F638AF98-56CC-44A3-94E7-B7CCBAAFCE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F5362-FFE8-49F4-97A9-2BE4D855AF3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5959FA82-043D-42A6-BB7A-C4D37350C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DC1416-3EBF-4FA9-9A4E-0737BFFD4DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DBAFD-3213-4473-8F3A-783035D6ED9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D1729DB9-48DB-49D5-8F81-567D01B91866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AF271-B4CA-4217-A96A-835133AF517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm y (4) CustomerTicketZoom.pm en Kernel/Modules/ en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.19, 3.2.x anterior a 3.2.14 y 3.3.x anterior a 3.3.4 permite a atacantes remotos secuestrar la auntenticaci\u00f3n de usuarios arbitrarios para solicitudes que (5) crean tickets o (6) env\u00edan seguimientos a tickets existentes."
}
],
"id": "CVE-2014-1694",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-04T21:55:05.640",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=10099"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/102632"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56644"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56655"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"source": "cve@mitre.org",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=10099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/102632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-15 19:15
Modified
2024-11-21 05:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "358B64C5-B9E4-4DE6-8309-A5CF1752C039",
"versionEndIncluding": "7.0.21",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "031CA5A5-FE12-4831-A2AB-068978C498A1",
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions."
},
{
"lang": "es",
"value": "Los nombres de los agentes que participan en una conversaci\u00f3n de chat se revelan en determinadas partes de la interfaz externa, as\u00ed como en las transcripciones de chat dentro de los tickets, cuando el sistema est\u00e1 configurado para enmascarar los nombres reales de los agentes.\u0026#xa0;Este problema afecta a OTRS;\u0026#xa0;versiones 7.0.21 y anteriores, versiones 8.0.6 y anteriores"
}
],
"id": "CVE-2020-1777",
"lastModified": "2024-11-21T05:11:22.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-15T19:15:13.003",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-15/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-08 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4066 | Third Party Advisory | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4066 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "991EB652-4321-40E7-80C1-5D1B5A3DC7EC",
"versionEndIncluding": "3.3.20",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6558F1-B580-4119-BF84-73972353FC23",
"versionEndIncluding": "4.0.26",
"versionStartExcluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BF1881-7552-47E4-B8F5-64D83BDC8311",
"versionEndIncluding": "5.0.24",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9702AE18-7F8E-4B92-9D94-DFB63B3714BE",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets."
},
{
"lang": "es",
"value": "En Open Ticket Request System (OTRS) hasta la versi\u00f3n 3.3.20; en las versiones 4 hasta la 4.0.26; en las versiones 5 hasta la 5.0.24 y en las versiones 6 hasta la 6.0.1, un atacante que ha iniciado sesi\u00f3n como cliente puede emplear el formulario de b\u00fasqueda de tickets para revelar informaci\u00f3n interna de art\u00edculos de sus tickets de cliente."
}
],
"id": "CVE-2017-16854",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-08T17:29:00.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-14 08:15
Modified
2024-11-21 05:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2021-09/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2021-09/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "58EDB086-8414-4EBD-8C19-1402C800DFD6",
"versionEndIncluding": "6.0.30",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDBB41C-E915-41DF-8E95-8BB17798F20A",
"versionEndExcluding": "7.0.27",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "042B7D35-918B-4716-A819-9AE29ECF50AD",
"versionEndExcluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions."
},
{
"lang": "es",
"value": "El ataque de DoS puede ser llevado a cabo cuando un correo electr\u00f3nico contiene una URL especialmente dise\u00f1ada en el cuerpo. Puede conllevar a un alto uso de la CPU y causar una baja calidad de servicio, o en caso extremo llevar el sistema a una parada. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versi\u00f3n 6.0.x, 6.0.1 y versiones posteriores. OTRS AG OTRS versi\u00f3n 7.0.x, 7.0.26 y versiones anteriores; versi\u00f3n 8.0.x, 8.0.13 y versiones anteriores"
}
],
"id": "CVE-2021-21439",
"lastModified": "2024-11-21T05:48:21.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-14T08:15:10.097",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-09/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-09/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3583 | Exploit | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3583 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5E861263-E9A4-4CE4-A7C6-48B969ED41F7",
"versionEndIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.4.0-beta2 no hace cumplir de forma correcta la configuraci\u00f3n del permiso move_into para una cola, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso previsto y leer un ticket vi\u00e9ndolo y seleccion\u00e1ndolo de la lista de tickets vistos.\r\n"
}
],
"id": "CVE-2009-5056",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3583"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2011-03-en/ | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45701 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45894 | ||
| cve@mitre.org | http://www.osvdb.org/74602 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/49251 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2011-03-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45701 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45894 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/74602 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49251 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 | |
| otrs | otrs | 3.0.5 | |
| otrs | otrs | 3.0.6 | |
| otrs | otrs | 3.0.7 | |
| otrs | otrs | 3.0.8 | |
| otrs | otrs | 3.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Kernel/Modules/AdminPackageManager.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.x antes de v2.4.11 y v3.x antes de v3.0.10. permite a administradores autenticados remotamente leer archivos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-2746",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-29T15:55:01.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2011-03-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45701"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45894"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/74602"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2011-03-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/74602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-27 10:15
Modified
2024-11-21 08:43
Severity ?
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-
This issue affects OTRS: from 8.0.X through 8.0.37.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F18FE4E-E69A-4741-B549-E5739BA3B6E7",
"versionEndIncluding": "8.0.37",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\nThis issue affects OTRS: from 8.0.X through 8.0.37.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en OTRS AgentInterface y ExternalInterface permite la lectura de contrase\u00f1as de texto plano que se env\u00edan al cliente en la respuesta del servidor. Este problema afecta a OTRS: desde 8.0.X hasta 8.0.37."
}
],
"id": "CVE-2023-6254",
"lastModified": "2024-11-21T08:43:28.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-27T10:15:08.863",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=5875 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=5875 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F40A0170-14B1-4580-829C-8044A1419A1F",
"versionEndIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog."
},
{
"lang": "es",
"value": "El cuadro de di\u00e1logo de interfaz de cliente de impresi\u00f3n de tickets en Open Ticket Request System (OTRS) anterior a v3.0.0-beta3 no restringe de forma correcta los datos visibles del cliente, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de los campos (1) responsible, (2) owner, (3) accounted time, (4) pending until, y (5) lock mediante la lectura de este cuadro de di\u00e1logo."
}
],
"id": "CVE-2010-4761",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5875"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-06 20:15
Modified
2024-11-21 04:32
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| debian | debian_linux | 8.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "5549FE6A-859B-4021-A39E-4F633D8AD77B",
"versionEndIncluding": "5.0.38",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "BDA63ED7-EE6D-47D1-8FED-28F5402CF290",
"versionEndIncluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A9CACF-A2E1-43A1-97E1-19EA515D22AC",
"versionEndIncluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn\u0027t have permissions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Open Ticket Request System (OTRS) versiones 7.0.x hasta la versi\u00f3n 7.0.12, y Community Edition versiones 5.0.x hasta 5.0.38 y 6.0.x hasta 6.0.23. Un atacante que ha iniciado sesi\u00f3n en OTRS como un agente es capaz de enumerar los tickets asignados a otros agentes, inclusive los tickets en una cola donde el atacante no tiene permisos."
}
],
"id": "CVE-2019-18179",
"lastModified": "2024-11-21T04:32:46.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-06T20:15:12.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=1639 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=1639 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2F92895A-78AD-4EAD-BA94-40DE7FD8A7BF",
"versionEndIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v3.0.0-beta7 no restringen correctamente la fecha de los tickets que se encuentran dentro del \u00e1mbito de una b\u00fasqueda, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (cuelgue del demonio) a trav\u00e9s de una b\u00fasqueda de texto completo."
}
],
"id": "CVE-2010-4759",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=1639"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=1639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-16 00:15
Modified
2025-02-06 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://community.otrs.com/category/release-and-security-notes-en/ | Release Notes | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/category/release-and-security-notes-en/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48F8CA16-C252-4118-AC1B-2DAEA6E4C6E8",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS."
}
],
"id": "CVE-2018-17883",
"lastModified": "2025-02-06T17:15:10.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-16T00:15:07.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-29 21:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=113272360804853&w=2 | ||
| cve@mitre.org | http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://otrs.org/advisory/OSA-2005-01-en/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17685/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/18101 | ||
| cve@mitre.org | http://secunia.com/advisories/18887 | ||
| cve@mitre.org | http://securitytracker.com/id?1015262 | ||
| cve@mitre.org | http://www.debian.org/security/2006/dsa-973 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_30_sr.html | ||
| cve@mitre.org | http://www.osvdb.org/21067 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/15537/ | Exploit, Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/2535 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/23356 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/23359 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=113272360804853&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2005-01-en/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17685/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18887 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015262 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-973 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_30_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15537/ | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2535 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23356 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23359 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters."
}
],
"id": "CVE-2005-3894",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-29T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18101"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18887"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015262"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21067"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15537/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23356"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15537/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23359"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-08 11:15
Modified
2024-11-21 05:48
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "EF384B2C-4D2C-48F9-B87F-5C908913624A",
"versionEndIncluding": "6.0.30",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9EF42E-697F-43B8-81B0-81A667782728",
"versionEndIncluding": "7.0.23",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1457040A-8ECF-4A96-9D65-97FFB4DD9F63",
"versionEndIncluding": "8.0.10",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions."
},
{
"lang": "es",
"value": "Los campos del Article Bcc y la informaci\u00f3n personal del agente son mostradas cuando el cliente imprime el ticket (PDF) por medio de una interfaz externa.\u0026#xa0;Este problema afecta a: OTRS AG OTRS versiones 7.0.x versi\u00f3n 7.0.23 y versiones anteriores;\u0026#xa0;versiones 8.0.x versi\u00f3n 8.0.10 y versiones anteriores"
}
],
"id": "CVE-2021-21435",
"lastModified": "2024-11-21T05:48:21.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-08T11:15:14.177",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-02/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-16 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4047 | Third Party Advisory | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/ | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4047 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/ | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1B0746-7E65-4E11-B7E4-2FBA6BFC1F33",
"versionEndIncluding": "3.3.18",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password."
},
{
"lang": "es",
"value": "En Agent Frontend en Open Ticket Request System (OTRS) en sus versiones 3.3.x hasta la 3.3.18, con una URL manipulada es posible obtener informaci\u00f3n como el usuario y la contrase\u00f1a de la base de datos."
}
],
"id": "CVE-2017-15864",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-16T15:29:00.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-13 22:29
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "378C5C4C-851F-4B29-8E81-B1FC9D65C863",
"versionEndExcluding": "5.0.34",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0AAA41-18D8-4200-933A-ED3121C34568",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C677B9E-1D9B-4182-8C5C-E369E5E3362A",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 5.x anteriores a la 5.0.34, CVErsiones 6.x anteriores a la 6.0.16 y CVErsiones 7.x anteriores a la 7.0.4. Un atacante que haya iniciado sesi\u00f3n en OTRS como usuario agente o cliente podr\u00eda subir un recurso manipulado para provocar la ejecuci\u00f3n de JavaScript en el contexto de OTRS. Esto est\u00e1 relacionado con la gesti\u00f3n incorrecta de Content-type en Kernel/Modules/PictureUpload.pm."
}
],
"id": "CVE-2019-9752",
"lastModified": "2024-11-21T04:52:14.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-13T22:29:00.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-21 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4047 | Third Party Advisory | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4047 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0D69D3-7B07-440E-BEB9-40F6A66EE9A4",
"versionEndExcluding": "3.3.20",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7619EE4-7588-462F-84FA-4FDB7BC3E11D",
"versionEndExcluding": "4.0.26",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79B79E5-3AE7-490D-9D06-456C809BD8B9",
"versionEndExcluding": "5.0.24",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation."
},
{
"lang": "es",
"value": "Existe inyecci\u00f3n de c\u00f3digo en Kernel/System/Spelling.pm en Open Ticket Request System (OTRS) 5 en versiones anteriores a la5.0.24; 4 en versiones anteriores a la 4.0.26 y 3.3 en versiones anteriores a la 3.3.20. En la interfaz del agente, un atacante remoto autenticado puede ejecutar comandos shell como el servidor web mediante la manipulaci\u00f3n de URL."
}
],
"id": "CVE-2017-16664",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-21T14:29:00.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3133 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80DA7734-25AF-4E76-A79B-845D7CDA9C47",
"versionEndIncluding": "2.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value."
},
{
"lang": "es",
"value": "Kernel/System/web/Request.pm en Open Ticket Request System (OTRS) anteriores a v2.3.2 crea un directorio en /tmp/ con permisos 1274, lo que podr\u00eda permitir a usuarios locales eludir las restricciones de acceso impuestas a trav\u00e9s de operaciones de sistema de archivos est\u00e1ndar, relacionado con el interpretaci\u00f3n incorrecta de 700 como un valor decimal."
}
],
"id": "CVE-2008-7276",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3133"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-02 16:05
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html | ||
| cve@mitre.org | http://secunia.com/advisories/57616 | Vendor Advisory | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2014-04-xss-issue | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57616 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2014-04-xss-issue | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.1 | |
| otrs | otrs | 3.2.2 | |
| otrs | otrs | 3.2.3 | |
| otrs | otrs | 3.2.4 | |
| otrs | otrs | 3.2.5 | |
| otrs | otrs | 3.2.6 | |
| otrs | otrs | 3.2.7 | |
| otrs | otrs | 3.2.8 | |
| otrs | otrs | 3.2.9 | |
| otrs | otrs | 3.2.10 | |
| otrs | otrs | 3.2.11 | |
| otrs | otrs | 3.2.12 | |
| otrs | otrs | 3.2.13 | |
| otrs | otrs | 3.2.14 | |
| otrs | otrs | 3.2.15 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 | |
| otrs | otrs | 3.3.4 | |
| otrs | otrs | 3.3.5 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 | |
| otrs | otrs | 3.1.10 | |
| otrs | otrs | 3.1.11 | |
| otrs | otrs | 3.1.13 | |
| otrs | otrs | 3.1.14 | |
| otrs | otrs | 3.1.15 | |
| otrs | otrs | 3.1.16 | |
| otrs | otrs | 3.1.17 | |
| otrs | otrs | 3.1.18 | |
| otrs | otrs | 3.1.19 | |
| otrs | otrs | 3.1.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2206E940-7C63-43A5-A041-CA13A84312A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EB051883-3917-414F-8A36-B51E833451E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "445641C8-5D1E-463E-8C00-1CD4E18B2B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "24C72855-1DF6-4456-A68A-89458C2EA7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A84F186F-D5F9-4968-BA39-2B44FFD2119F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F58F68B-CCB5-408B-A721-05E355E9A2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C41A2AB-BED9-4185-A71B-23F6CF101DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF18770-E861-4689-9040-A6E4BCB03D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77E1C1A9-4835-467D-8FA9-D93814634476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "097B8F4A-66E7-46E9-B624-EA26F8687181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B223E5A-9A4B-466B-BC0F-4C0400E70E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D8237-63CD-4075-B533-3E537A5B0D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8821F99A-24D8-483E-AD56-AA5D34BF47FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B6966E-47DA-4852-87E0-E768CCE07012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F638AF98-56CC-44A3-94E7-B7CCBAAFCE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F5362-FFE8-49F4-97A9-2BE4D855AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3D62BAAF-5D94-46BA-92EF-1D643D968838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4F66CEF6-B9E8-4A04-9644-304D81E751FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB3E7AF-0B00-4D5E-A59C-F7470D02F534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "346A8E94-05FF-4F44-AED6-1D2589858646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4A05EB89-467D-4787-984F-C92819E40AD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88AAC1C3-14CE-41F9-A371-769BEF17551E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB04AB6-A380-4620-A196-A295FE7C170D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5959FA82-043D-42A6-BB7A-C4D37350C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DC1416-3EBF-4FA9-9A4E-0737BFFD4DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DBAFD-3213-4473-8F3A-783035D6ED9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D1729DB9-48DB-49D5-8F81-567D01B91866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AF271-B4CA-4217-A96A-835133AF517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C031C614-E049-4BEC-9D57-D237B19DDB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9169AC-21CB-43EB-8030-8087AC4D9C50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.21, 3.2.x anterior a 3.2.16 y 3.3.x anterior a 3.3.6 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores relacionados con campos din\u00e1micos."
}
],
"id": "CVE-2014-2553",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-02T16:05:57.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57616"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-04-xss-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-04-xss-issue"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=1882 | ||
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=2814 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=1882 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=2814 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE44315-D7DF-4500-9640-C7112C8300B0",
"versionEndIncluding": "2.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.2.7 env\u00eda correos electr\u00f3nicos que contienen un campo cabecera Bcc que lista los destinatarios de la BCC (copia carb\u00f3n blindada) lo que permite a atacantes remotos obtener direcciones de correo sensibles leyendo este campo."
}
],
"id": "CVE-2008-7281",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.470",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=1882"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2814"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=1882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=6878 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66196 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=6878 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66196 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46972520-B127-4620-858D-BA70AA888CA0",
"versionEndIncluding": "3.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields."
},
{
"lang": "es",
"value": "Los componentes (1) AgentInterface y (2) CustomerInterface en Open Ticket Request System (OTRS) anterior a v3.0.6 coloca las credenciales sin cifrar en los datos de sesi\u00f3n en la base de datos, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes dependientes de contexto obtener informaci\u00f3n sensible mediante la lectura de los campos _UserLogin y _UserPW.\r\n"
}
],
"id": "CVE-2011-1433",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-22 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C540CA-5B12-4F0D-8FA9-7A51C40FBD86",
"versionEndIncluding": "5.0.35",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85151323-32CE-4839-AA73-60F8725E879B",
"versionEndIncluding": "6.0.17",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C6B27-26D4-453E-9142-3C193A4A530E",
"versionEndIncluding": "7.0.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en Open Ticket Request System (OTRS) versi\u00f3n 7.x hasta 7.0.6 y en Community Edition versi\u00f3n versi\u00f3n 5.0.x hasta 5.0.35 y versi\u00f3n 6.0.x hasta 6.0.17. Un atacante logeado en OTRS como un agente de usuario con los permisos apropiados puede manipular la URL para provocar la ejecuci\u00f3n de JavaScript en el contexto de OTRS."
}
],
"id": "CVE-2019-10067",
"lastModified": "2024-11-21T04:18:19.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-22T00:29:00.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-20 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/342687 | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2010-03-en/ | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/41978 | Vendor Advisory | |
| cve@mitre.org | http://www.osvdb.org/68882 | ||
| cve@mitre.org | http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/342687 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2010-03-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41978 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/68882 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en AgentTicketZoom para OTRS v2.4.x v2.4.9, cuando RichText est\u00e1 activada, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de JavaScript en un correo electr\u00f3nico HTML."
}
],
"id": "CVE-2010-4071",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-20T19:00:05.473",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/342687"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-03-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41978"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/68882"
},
{
"source": "cve@mitre.org",
"url": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/342687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-03-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/68882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 08:15
Modified
2024-11-21 07:06
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2022-07/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2022-07/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | calendar_resource_planning | * | |
| otrs | calendar_resource_planning | * | |
| otrs | otrs | * | |
| otrs | otrs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:calendar_resource_planning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF7639B-FF2E-418D-9411-55C151EC121A",
"versionEndExcluding": "7.0.31",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:calendar_resource_planning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D744A08-7AE0-4230-8591-05035B1A84AD",
"versionEndExcluding": "8.0.23",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC37884-BF0A-4F67-AFC3-1C95BE001A55",
"versionEndExcluding": "7.0.35",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01314391-90B9-4D17-9571-7EE08FEF0D5C",
"versionEndExcluding": "8.0.23",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number."
},
{
"lang": "es",
"value": "Cuando ha sido deshabilitada la configuraci\u00f3n del sistema Secure::DisableBanner y el agente comparte su calendario por medio de una URL p\u00fablica, el archivo ICS recibido contiene el n\u00famero de versi\u00f3n de OTRS"
}
],
"id": "CVE-2022-32739",
"lastModified": "2024-11-21T07:06:51.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T08:15:18.960",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-07/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-07/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-12 06:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3876 | Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3876 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB8472B-A4C5-4C33-A1F8-F309263EA1E8",
"versionEndIncluding": "3.3.16",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A11EFC-F29E-476B-9F60-D349B8552606",
"versionEndIncluding": "4.0.23",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36B3B7E9-A5DF-45AE-8695-778C62C1C5A9",
"versionEndIncluding": "5.0.19",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end."
},
{
"lang": "es",
"value": "En Open Ticket Request System (OTRS) versi\u00f3n 3.3.x hasta la versi\u00f3n 3.3.16, versi\u00f3n 4.x hasta 4.0.23 y versi\u00f3n 5.x hasta la versi\u00f3n 5.0.19, un atacante con permiso de agente es capaz de abrir una URL espec\u00edfica en un navegador para alcanzar privilegios administrativos y acceso completo. Despu\u00e9s, todos los ajustes del sistema se pueden leer y cambiar. Las URL en cuesti\u00f3n contienen index.pl?Action=Installer con ;Subaction=Intro o ;Subaction=Start o ;Subaction=System anexado al final."
}
],
"id": "CVE-2017-9324",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-12T06:29:00.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3876"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-01 17:44
Modified
2025-04-09 00:30
Severity ?
Summary
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html | Third Party Advisory | |
| cve@mitre.org | http://otrs.org/advisory/OSA-2008-01-en/ | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29585 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29622 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29859 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/28647 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41577 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2008-01-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29585 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29622 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29859 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28647 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41577 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD39ADE-D547-458C-9C49-66CB656EC6A8",
"versionEndExcluding": "2.1.8",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61CA5BBB-785C-4D75-8B25-2BF62C28A613",
"versionEndExcluding": "2.2.6",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to \"read and modify objects\" via SOAP requests, related to \"Missing security checks.\""
},
{
"lang": "es",
"value": "La interfaz SOAP en OTRS versi\u00f3n 2.1.x anterior a 2.1.8 y versi\u00f3n 2.2.x anterior a 2.2.6, permite a los atacantes remotos \u201cread and modify objects\" por medio de peticiones SOAP, relacionadas con \"Missing security checks\""
}
],
"id": "CVE-2008-1515",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-01T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2008-01-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29585"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29622"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29859"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28647"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41577"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2008-01-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00284.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-22 09:15
Modified
2024-11-21 05:48
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3670FD-E893-4F88-A619-0898E422EBDE",
"versionEndExcluding": "6.0.29",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49D03751-FD5B-45FA-B77C-5ECE233C5818",
"versionEndExcluding": "7.0.24",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions."
},
{
"lang": "es",
"value": "Los agentes pueden ser capaces de visualizar art\u00edculos de FAQ vinculados sin permisos (definidos en la categor\u00eda FAQ).\u0026#xa0;Este problema afecta a: FAQ versi\u00f3n 6.0.29 y anteriores, OTRS versi\u00f3n 7.0.24 y anteriores"
}
],
"id": "CVE-2021-21438",
"lastModified": "2024-11-21T05:48:21.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-22T09:15:13.437",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-08/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=4399 | Exploit | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=4399 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "073CCCF6-37C5-465D-BBF9-38BBB2748C16",
"versionEndIncluding": "2.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections."
},
{
"lang": "es",
"value": "La configuraci\u00f3n ACL-customer-status Ticket Type en Open Ticket Request System (OTRS) anteriores a v3.0.0-beta1 no restringe las opciones del ticket despu\u00e9s de una recarga de AJAX, lo que permite a usuarios remotos autenticados eludir las restricciones destinadas ACL en las selecciones (1) Status, (2) Service, y (3) Qeue."
}
],
"id": "CVE-2010-4763",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4399"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-16 10:15
Modified
2024-11-21 05:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2021-11/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2021-11/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "3B2D503B-661B-43EC-9902-D0613A037AA4",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD804F2-13CB-4381-A578-D82159350555",
"versionEndIncluding": "7.0.26",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a XSS vulnerability in the ticket overview screens. It\u0027s possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn\u0027t require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo XSS en las pantallas de resumen de tickets. Es posible recopilar varias informaciones al tener un correo electr\u00f3nico mostrado en la pantalla de resumen. El ataque puede llevarse a cabo mediante el env\u00edo de un correo electr\u00f3nico especialmente dise\u00f1ado al sistema y no requiere la intervenci\u00f3n del usuario. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versiones 6.0.x, 6.0.1 y versiones posteriores. OTRS AG OTRS versiones 7.0.x, 7.0.26 y versiones anteriores"
}
],
"id": "CVE-2021-21441",
"lastModified": "2024-11-21T05:48:22.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-16T10:15:08.837",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-11/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-10 18:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://otrs.com/release-notes/otrs-security-advisory-2019-11/ | Vendor Advisory | |
| cve@mitre.org | https://www.otrs.com/category/release-and-security-notes-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2019-11/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/category/release-and-security-notes-en/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B00766B-5077-4C1A-AFD6-031C8CE766DF",
"versionEndIncluding": "7.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their \"company\" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Open Ticket Request System (OTRS) versiones 7.0.x hasta 7.0.8. Un usuario cliente puede usar los resultados de la b\u00fasqueda para divulgar informaci\u00f3n de sus tickets \"company\" (con el mismo CustomerID), inclusive cuando la configuraci\u00f3n CustomerDisableCompanyTicketAccess est\u00e1 activada."
}
],
"id": "CVE-2019-13457",
"lastModified": "2024-11-21T04:24:56.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-10T18:15:11.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-19 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/73885 | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2011-02-en/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45227 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/48678 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/68558 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/73885 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2011-02-en/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45227 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48678 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68558 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | iphonehandle | 0.9.1 | |
| otrs | iphonehandle | 0.9.2 | |
| otrs | iphonehandle | 0.9.3 | |
| otrs | iphonehandle | 0.9.4 | |
| otrs | iphonehandle | 0.9.5 | |
| otrs | iphonehandle | 0.9.6 | |
| otrs | iphonehandle | 1.0.1 | |
| otrs | iphonehandle | 1.0.2 | |
| otrs | otrs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "166CEE25-B287-47B8-92A4-96D504F5C3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "440BEDBC-5E1F-41A3-B327-31E0A5B72621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6A91FD-7B80-4572-8966-055038473E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "19F565FC-D1FF-43B8-8C00-C11FAC90E9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93B55CE0-0113-4790-AC6F-5523D1B0E126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A65E58C-C4D3-47C9-83E4-C7CF2E9103C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "269242CA-918A-4537-8A51-E9AFE80F14B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:iphonehandle:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "76856D48-6075-49F2-8C76-C3D6AC0985FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC98827-8C46-4D35-A3A8-106040AE0499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors."
},
{
"lang": "es",
"value": "El paquete iPhoneHandle v0.9.x anterior a v0.9.7 y v1.0.x anterios a v1.0.3 en Open Ticket Request System (OTRS) no restringe adecuadamente el uso de intefaces de iPhoneHandle, lo que permite a usuarios autenticados de forma remota obtener privilegios, y en consecuencia, leer o modificar objetos OTRS, a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-2385",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-19T20:55:01.117",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/73885"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2011-02-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45227"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48678"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/73885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2011-02-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-09 19:15
Modified
2024-11-21 01:56
Severity ?
Summary
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1FCD021-75D4-4277-9AC9-83289478ECD3",
"versionEndIncluding": "3.0.21",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC16347-0CF1-4EAA-ADC7-31A91AEE2479",
"versionEndIncluding": "3.1.17",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE3EEB-7AAA-4BF0-9620-21071FB5DC0D",
"versionEndIncluding": "3.2.8",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E94142F-82B4-458D-A839-84E2D74EA53B",
"versionEndIncluding": "3.0.8",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCA116F-B9E0-447C-BAB9-8E97BAEE5FCE",
"versionEndIncluding": "3.1.9",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06351730-EB2B-4204-A66A-38F876F5F225",
"versionEndIncluding": "3.2.6",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Open Ticket Request System (OTRS) Help Desk versiones 3.0.x anteriores a 3.0.22, 3.1.x anteriores a 3.1.18, y 3.2.x anteriores a 3.2.9, permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios por medio de vectores no especificados relacionados con los archivos Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm y Kernel/System/TicketSearch.pm"
}
],
"id": "CVE-2013-4717",
"lastModified": "2024-11-21T01:56:07.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-09T19:15:07.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-18 07:15
Modified
2024-11-21 06:13
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2021-20/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2021-20/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "744CBDE7-F971-4D0D-8BA9-43F8FADA1963",
"versionEndIncluding": "8.0.16",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agents are able to lock the ticket without the \"Owner\" permission. Once the ticket is locked, it could be moved to the queue where the agent has \"rw\" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions."
},
{
"lang": "es",
"value": "Unos agentes pueden bloquear el ticket sin el permiso de \"Owner\". Una vez bloqueado el ticket, puede ser movido a la cola donde el agente tiene permisos \"rw\" y conseguir un control total. Este problema afecta a: OTRS AG OTRS 8.0.x versi\u00f3n: 8.0.16 y versiones anteriores"
}
],
"id": "CVE-2021-36097",
"lastModified": "2024-11-21T06:13:09.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-18T07:15:07.413",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-20/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-20/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3103 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3103 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "507B2DC6-3FAC-48B7-B4A2-C3118DFAE2DF",
"versionEndIncluding": "2.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors."
},
{
"lang": "es",
"value": "El componente CustomerInterface en Open Ticket Request System (OTRS) anterior a v2.2.8 permite a usuarios remotos autenticados eludir las restricciones de acceso impuestas y los tickets clientes arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-7279",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.423",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3103"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=2934 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=2934 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE44315-D7DF-4500-9640-C7112C8300B0",
"versionEndIncluding": "2.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message."
},
{
"lang": "es",
"value": "Kernel/System/EmailParser.pm en PostmasterPOP3.pl en Open Ticket Request System (OTRS) anterior a v2.2.7 no controla correctamente los mensajes de correo electr\u00f3nico con caracteres UTF-8 incorrectos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corte de recuperaci\u00f3n de correo electr\u00f3nico) a trav\u00e9s de un mensaje manipulado."
}
],
"id": "CVE-2008-7280",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2934"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-19 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/category/security-advisories-en/ | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| cve@mitre.org | https://otrs.com/release-notes/otrs-security-advisory-2019-13/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/category/security-advisories-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2019-13/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "AFE1B3E1-1E48-4097-8517-A205E88A5DC9",
"versionEndIncluding": "5.0.37",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "B78B02C9-56F4-4804-A6A4-F055D3B29715",
"versionEndIncluding": "6.0.22",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E8678C-D680-4067-8306-A80E89EF1AF0",
"versionEndIncluding": "7.0.11",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Open Ticket Request System (OTRS) versiones 7.0.x hasta 7.0.11, y Community Edition versiones 5.0.x hasta 5.0.37 y versiones 6.0.x hasta 6.0.22. Un atacante que haya iniciado sesi\u00f3n como un usuario agente o cliente con los permisos apropiados puede crear una cadena cuidadosamente dise\u00f1ada que contenga c\u00f3digo JavaScript malicioso como cuerpo del art\u00edculo. Este c\u00f3digo malicioso es ejecutado cuando un agente redacta una respuesta al art\u00edculo original."
}
],
"id": "CVE-2019-16375",
"lastModified": "2024-11-21T04:30:35.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-19T18:15:14.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-13/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 08:15
Modified
2024-11-21 07:58
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via
ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation
and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5633F2D7-FCD5-4C47-915D-5ACC776A264A",
"versionEndExcluding": "8.0.32",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via\nticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data).\u00a0Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation\nand the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.\n\n"
}
],
"id": "CVE-2023-2534",
"lastModified": "2024-11-21T07:58:47.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T08:15:43.673",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-03/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-20 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4069 | Third Party Advisory | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4069 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E8447E-0679-4520-9E24-25344DD01390",
"versionEndExcluding": "4.0.28",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A78367-51C1-4680-AA0B-E38029FC5DD0",
"versionEndExcluding": "5.0.26",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B61B6-7466-4B85-AB4E-4D34657262A8",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) en versiones 4.0.x anteriores a la 4.0.28, 5.0.x anteriores a la 5.0.26 y 6.0.x anteriores a la 6.0.3, cuando el soporte de cookies est\u00e1 desactivado, podr\u00eda permitir a los atacantes remotos secuestrar las sesiones web y ganar privilegios en consecuencia mediante un email manipulado."
}
],
"id": "CVE-2017-17476",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-20T17:29:00.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4069"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-06 20:29
Modified
2024-11-21 03:41
Severity ?
Summary
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "485CF8BC-B62B-4EE9-B89A-34D7F9706478",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en OTRS, en versiones 6.0.x anteriores a la 6.0.7. Un atacante que haya iniciado sesi\u00f3n en OTRS como cliente puede emplear la pantalla de visualizaci\u00f3n de tickets para revelar informaci\u00f3n interna de art\u00edculos de sus tickets de cliente."
}
],
"id": "CVE-2018-10198",
"lastModified": "2024-11-21T03:41:00.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T20:29:00.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-13 22:29
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C066F537-3A3C-457A-953B-C43A29CF78EC",
"versionEndExcluding": "6.0.17",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5439FA8C-BDA4-4B70-ABDF-3ACABC4FC73E",
"versionEndExcluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 6.x, anteriores a la 6.0.17 y CVErsiones 7.x anteriores a la 7.0.5. Un atacante que haya iniciado sesi\u00f3n en OTRS como usuario administrador podr\u00eda manipular la URL para provocar la ejecuci\u00f3n de JavaScript en el contexto de OTRS. Esto est\u00e1 relacionado con Kernel/Output/Template/Document.pm."
}
],
"id": "CVE-2019-9751",
"lastModified": "2024-11-21T04:52:14.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-13T22:29:00.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-24 09:15
Modified
2024-11-21 08:12
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "63B08C08-56D6-40F4-B481-BC8672FD7AC8",
"versionEndExcluding": "7.0.45",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4F6AD29E-B905-4974-95EE-23E9C05186C0",
"versionEndExcluding": "8.0.35",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"id": "CVE-2023-38056",
"lastModified": "2024-11-21T08:12:45.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-24T09:15:09.403",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-05/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-05/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-21 16:15
Modified
2024-11-21 01:53
Severity ?
Summary
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
| cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551 | Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8DBDF3-4B17-4A40-B7B0-5C3E0C2D56F0",
"versionEndExcluding": "3.0.20",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F087FCE9-65A5-484C-B12F-B5DA62DE674E",
"versionEndExcluding": "3.1.16",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A1D49-3954-49FE-B380-B09882A37C6C",
"versionEndExcluding": "3.2.7",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE3C475-E0F2-45CE-B3F7-65E6D67229B2",
"versionEndExcluding": "3.0.8",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A410BE4-CB6E-44A0-BCD3-98C8414F32D1",
"versionEndExcluding": "3.1.9",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88C588FA-05C0-4677-A35C-7F9F518D225A",
"versionEndExcluding": "3.2.5",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
},
{
"lang": "es",
"value": "El archivo Kernel/Modules/AgentTicketPhone.pm en Open Ticket Request System (OTRS) versiones 3.0.x anteriores a 3.0.20, versiones 3.1.x anteriores a 3.1.16, y versiones 3.2.x anteriores a 3.2.7, y OTRS ITSM versiones 3.0.x anteriores a 3.0.8, versiones 3.1.x anteriores a 3.1.9, y versiones 3.2.x anteriores a 3.2.5, no restringe apropiadamente los tickets, lo cual permite a atacantes remotos con un inicio de sesi\u00f3n de agente v\u00e1lido, leer tickets restringidos por medio de una URL dise\u00f1ada que implica el mecanismo de divisi\u00f3n de tickets."
}
],
"id": "CVE-2013-3551",
"lastModified": "2024-11-21T01:53:51.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-21T16:15:11.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-23 10:32
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html | ||
| cret@cert.org | http://secunia.com/advisories/50513 | ||
| cret@cert.org | http://www.debian.org/security/2012/dsa-2536 | ||
| cret@cert.org | http://www.kb.cert.org/vuls/id/582879 | Exploit, US Government Resource | |
| cret@cert.org | http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50513 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2536 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/582879 | Exploit, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 2.4.11 | |
| otrs | otrs | 2.4.12 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 | |
| otrs | otrs | 3.0.5 | |
| otrs | otrs | 3.0.6 | |
| otrs | otrs | 3.0.7 | |
| otrs | otrs | 3.0.8 | |
| otrs | otrs | 3.0.9 | |
| otrs | otrs | 3.0.10 | |
| otrs | otrs | 3.0.11 | |
| otrs | otrs | 3.0.12 | |
| otrs | otrs | 3.0.13 | |
| otrs | otrs | 3.0.14 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs_itsm | 2.1.0 | |
| otrs | otrs_itsm | 2.1.1 | |
| otrs | otrs_itsm | 2.1.2 | |
| otrs | otrs_itsm | 2.1.3 | |
| otrs | otrs_itsm | 2.1.4 | |
| otrs | otrs_itsm | 3.0.0 | |
| otrs | otrs_itsm | 3.0.1 | |
| otrs | otrs_itsm | 3.0.2 | |
| otrs | otrs_itsm | 3.0.3 | |
| otrs | otrs_itsm | 3.0.4 | |
| otrs | otrs_itsm | 3.0.5 | |
| otrs | otrs_itsm | 3.1.0 | |
| otrs | otrs_itsm | 3.1.1 | |
| otrs | otrs_itsm | 3.1.2 | |
| otrs | otrs_itsm | 3.1.3 | |
| otrs | otrs_itsm | 3.1.4 | |
| otrs | otrs_itsm | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EC028B45-B693-457B-8D2C-312C7363593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE458E4-7394-48EB-8711-BC360036C082",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6605C7-A589-43BD-BB4A-1917D964569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "388F9AA8-CFF2-4742-B594-A5462DA424FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5587B6D5-9219-4429-BA50-723CDA760377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2914F4-C45B-4CBA-8EF4-DA1FEC309895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "61B492D3-5659-4F8B-A0B9-3F5937203BED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A099342-C98B-4B2F-B878-B3FCB0A62123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B93DC6C-E210-4417-B473-62A80C7AA5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD63E70-69E0-4870-8938-0B26B76D73D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53452C0F-FE9F-4EF6-A4FD-7AF9631E22BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7CFD77-0E81-4EA3-A1AC-A92025CE982A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3949B8-D461-4C94-AE6C-89122AC5C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF4FD28-8DF9-466B-8CDE-8077CADFEC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF64AA5-50E6-4D3B-8F60-1D80C9BBDC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB590BAC-7E69-447B-B4AD-E813F92CDF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED128D4-28F0-4FF9-AB2D-6D47952EF4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17E88594-DDBF-4568-9CC7-F4F5D9306F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AC10F7-096D-4E3B-8DF5-C59BC2C7AACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77089A07-0800-43E5-84B5-E19AB5170B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5250013-774E-41E2-B57F-86560EB54F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0196A1-269D-4555-A163-06998738DCBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "778CD948-FEBB-4949-A64D-35995AD1DB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B31AC2-2388-4C33-ACAC-30CF8719DC47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) Help Desk v2.4.x anterior a v2.4.13, v3.0.x anterior a v3.0.15, y v3.1.x anterior a v3.1.9, y OTRS ITSM v2.1.x anterior a v2.1.5, v3.0.x anterior a v3.0.6, y v3.1.x anterior a v3.1.6, permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s del cuerpo de un mensaje de correo electr\u00f3nico con (1)una propiedad de una expresi\u00f3n en un atributo STYLE de un elemento arbitrario o (2) texto UTF-7 en un elemento META HTTP-EQUIV=\"CONTENT-TYPE\".\r\n\r\n\r\n"
}
],
"id": "CVE-2012-2582",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-23T10:32:14.967",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/50513"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2012/dsa-2536"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/582879"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/582879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-26 05:15
Modified
2024-11-21 05:48
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2021-10/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2021-10/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "BA5480D8-2A47-4ABD-BA85-F0FEBEAC0D53",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F285C0-B9FC-4AF7-85D0-19F6594AAB7B",
"versionEndIncluding": "7.0.27",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A58195-E89D-4628-9A92-3A71F48CB342",
"versionEndIncluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions."
},
{
"lang": "es",
"value": "Unos Paquetes de Soporte Generados contienen claves privadas S/MIME y PGP si la carpeta que los contiene no est\u00e1 oculta. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versi\u00f3n 6.0.x versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS versi\u00f3n 7.0.x versi\u00f3n 7.0.27 y versiones anteriores; versi\u00f3n 8.0.x versi\u00f3n 8.0.14 y versiones anteriores"
}
],
"id": "CVE-2021-21440",
"lastModified": "2024-11-21T05:48:22.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-26T05:15:07.283",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-29 21:03
Modified
2025-04-03 01:03
Severity ?
Summary
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=113272360804853&w=2 | ||
| cve@mitre.org | http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://otrs.org/advisory/OSA-2005-01-en/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17685/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/18101 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/18887 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/200 | ||
| cve@mitre.org | http://www.debian.org/security/2006/dsa-973 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_30_sr.html | ||
| cve@mitre.org | http://www.osvdb.org/21066 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/15537/ | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/2535 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/23355 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=113272360804853&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2005-01-en/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17685/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18101 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18887 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/200 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-973 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_30_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21066 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15537/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2535 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23355 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources."
}
],
"id": "CVE-2005-3895",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-29T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18887"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/200"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21066"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15537/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15537/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23355"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-09 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2010-01-en/ | Vendor Advisory | |
| cve@mitre.org | http://otrs.org/releases/2.4.7/ | ||
| cve@mitre.org | http://secunia.com/advisories/38507 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/38544 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log | ||
| cve@mitre.org | http://www.osvdb.org/62181 | ||
| cve@mitre.org | http://www.otrs.org/news/2010/otrs_2-4-7/ | ||
| cve@mitre.org | http://www.securityfocus.com/bid/38146 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2010-01-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/releases/2.4.7/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38507 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/62181 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.otrs.org/news/2010/otrs_2-4-7/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/38146 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anteriores a v2.4.7 permite a usuarios autenticados ejecutar comandos SQL a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0438",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-09T19:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"source": "cve@mitre.org",
"url": "http://otrs.org/releases/2.4.7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38507"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38544"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62181"
},
{
"source": "cve@mitre.org",
"url": "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otrs.org/releases/2.4.7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38146"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3499 | Exploit | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3499 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3A920C-BAF4-4252-B543-4FE1828043A5",
"versionEndIncluding": "2.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.3.5 no desactiva de forma adecuada los permisos ocultos, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso a la cola previstos, en ciertas circunstancias al visitar un ticket, est\u00e1 relacionado con un cierto orden del conjunto de permisos y eliminaci\u00f3n de los mismos, que implica a ambos, permisos ocultos y otros."
}
],
"id": "CVE-2010-4768",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3499"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-21 10:15
Modified
2024-11-21 06:13
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Specially crafted string in OTRS system configuration can allow the execution of any system command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2022-03/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2022-03/ | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A9679A-37CF-4131-B232-C06B4986BE7B",
"versionEndExcluding": "7.0.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7561495-72DA-4EB0-8CD5-D8A8BE46DD25",
"versionEndExcluding": "7.0.33",
"versionStartIncluding": "7.0.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFDE9F37-595F-47EE-937F-0FE0D7F2B045",
"versionEndExcluding": "8.0.21",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1EA7692-CEC4-4BC8-8119-784DF193FBCC",
"versionEndExcluding": "7.0.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEE8295-FA8D-4175-9B0D-482CCE3B342A",
"versionEndExcluding": "8.0.28",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFC3737-F958-4706-ACED-5240478E5130",
"versionEndExcluding": "8.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted string in OTRS system configuration can allow the execution of any system command."
},
{
"lang": "es",
"value": "Una cadena especialmente dise\u00f1ada en la configuraci\u00f3n del sistema OTRS puede permitir la ejecuci\u00f3n de cualquier comando del sistema"
}
],
"id": "CVE-2021-36100",
"lastModified": "2024-11-21T06:13:09.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-21T10:15:07.777",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 08:15
Modified
2024-11-21 09:49
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E122DB1-85DB-4430-A8C2-1B599364FD1F",
"versionEndExcluding": "2024.5.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\nThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\n\n"
},
{
"lang": "es",
"value": "Un filtrado inadecuado de los campos al utilizar la funci\u00f3n de exportaci\u00f3n en la descripci\u00f3n general de tickets de la interfaz externa en OTRS podr\u00eda permitir a un usuario autorizado descargar una lista de tickets que contiene informaci\u00f3n sobre tickets de otros clientes. El problema solo ocurre si el administrador ha desactivado TicketSearchLegacyEngine. Este problema afecta a OTRS: 8.0.X, 2023.X, desde 2024.X hasta 2024.4.x"
}
],
"id": "CVE-2024-6540",
"lastModified": "2024-11-21T09:49:50.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T08:15:02.743",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-790"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-20 09:15
Modified
2024-11-21 07:38
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B1D5F9-829A-4ADB-AF14-B9AE6C06DB67",
"versionEndExcluding": "7.0.42",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"id": "CVE-2023-1248",
"lastModified": "2024-11-21T07:38:45.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-20T09:15:11.877",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-01/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-08 16:15
Modified
2024-11-21 05:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-12/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-12/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FF35C3-7B9B-4A24-B043-751903BA6FCD",
"versionEndExcluding": "7.0.18",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBBBE40-F0AD-4198-8E66-B4505230FD92",
"versionEndExcluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions."
},
{
"lang": "es",
"value": "Los destinatarios de BCC en los correos enviados desde OTRS son visibles en los detalles del art\u00edculo en la interfaz externa. Este problema afecta a OTRS: versiones 8.0.3 y anteriores, versiones 7.0.17 y anteriores"
}
],
"id": "CVE-2020-1775",
"lastModified": "2024-11-21T05:11:21.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T16:15:10.197",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-12/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-09 19:15
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1FCD021-75D4-4277-9AC9-83289478ECD3",
"versionEndIncluding": "3.0.21",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC16347-0CF1-4EAA-ADC7-31A91AEE2479",
"versionEndIncluding": "3.1.17",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE3EEB-7AAA-4BF0-9620-21071FB5DC0D",
"versionEndIncluding": "3.2.8",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E94142F-82B4-458D-A839-84E2D74EA53B",
"versionEndIncluding": "3.0.8",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCA116F-B9E0-447C-BAB9-8E97BAEE5FCE",
"versionEndIncluding": "3.1.9",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06351730-EB2B-4204-A66A-38F876F5F225",
"versionEndIncluding": "3.2.6",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en Open Ticket Request System (OTRS) ITSM versiones 3.0.x anteriores a 3.0.9, versiones 3.1.x anteriores a 3.1.10 y versiones 3.2.x anteriores a 3.2.7, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de una b\u00fasqueda de ITSM ConfigItem"
}
],
"id": "CVE-2013-4718",
"lastModified": "2024-11-21T01:56:07.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-09T19:15:07.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-26 05:15
Modified
2024-11-21 06:13
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A",
"versionEndIncluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A658717B-6A53-42A3-AEE6-8FB0F9F9024A",
"versionEndExcluding": "7.0.28",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18223082-42F8-490D-A6C2-4A6A2432CE45",
"versionEndExcluding": "8.0.15",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions."
},
{
"lang": "es",
"value": "Es posible crear un correo electr\u00f3nico que contenga un enlace especialmente dise\u00f1ado y que pueda ser usado para llevar a cabo un ataque de tipo XSS. Este problema afecta a: OTRS AG ((OTRS)) Community Edition: versi\u00f3n 6.0.x versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS: versi\u00f3n 7.0.x versi\u00f3n 7.0.27 y versiones anteriores; versi\u00f3n 8.0.x versi\u00f3n 8.0.14 y versiones anteriores"
}
],
"id": "CVE-2021-36092",
"lastModified": "2024-11-21T06:13:08.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-26T05:15:07.640",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-15/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-04 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0day.today/exploit/29938 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0day.today/exploit/29938 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBE1B55-21B5-431C-A3B1-F86D73EC1090",
"versionEndIncluding": "5.0.23",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3ED863-6A35-4774-90BD-C7CEC377D5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2491453A-3458-4D07-94A0-80A1AB8AF0DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating \"the behaviour is as designed and needed for different packages to be installed\", \"there is a security warning if the package is not verified by OTRS Group\", and \"there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."
},
{
"lang": "es",
"value": "** EN DISPUTA ** En el Admin Package Manager en Open Ticket Request System (OTRS) 5.0.0 hasta 5.0.24 y 6.0.0 hasta 6.0.1, los administradores autenticados pueden explotar una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo ciega cargando un archivo opm manipulado mediante un elemento CodeInstall para ejecutar un comando en el servidor mediante la instalaci\u00f3n de paquetes. NOTA: el fabricante discute este problema argumentando que \"el comportamiento se ha dise\u00f1ado as\u00ed y es necesario para que diferentes paquetes sean instalados\", \"hay una advertencia de seguridad si el paquete no est\u00e1 verificado por OTRS Group\" y \"es posible y la responsabilidad de un administrador comprobar los paquetes antes de instalarlos, lo que es posible porque no son binarios\"."
}
],
"id": "CVE-2018-7567",
"lastModified": "2024-11-21T04:12:23.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-04T20:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0day.today/exploit/29938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0day.today/exploit/29938"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-06 14:15
Modified
2024-11-21 06:13
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "3B2D503B-661B-43EC-9902-D0613A037AA4",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "336DCF0F-236B-46A0-A112-A201F9B6014D",
"versionEndExcluding": "7.0.29",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "48EBDE7F-60BB-4F61-9042-8FF68EF728A6",
"versionEndExcluding": "8.0.16",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
},
{
"lang": "es",
"value": "Es posible crear un correo electr\u00f3nico que puede atascarse mientras es procesado por los filtros PostMaster, causando DoS. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versi\u00f3n 6.0.x, versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS versi\u00f3n 7.0.x, versi\u00f3n 7.0.28 y versiones anteriores; versi\u00f3n 8.0.x, versi\u00f3n 8.0.15 y versiones anteriores."
}
],
"id": "CVE-2021-36093",
"lastModified": "2024-11-21T06:13:08.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-06T14:15:07.197",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-185"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-29 10:15
Modified
2024-11-21 08:58
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E47E75A-C9A9-40EE-A5DE-B4CDD98E7B7F",
"versionEndExcluding": "7.0.49",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9B2075-4C3E-48C9-96DA-655E4F29325A",
"versionEndExcluding": "2024.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "La inserci\u00f3n de informaci\u00f3n de depuraci\u00f3n en el archivo de registro durante la creaci\u00f3n del \u00edndice de b\u00fasqueda el\u00e1stico permite leer informaci\u00f3n confidencial de los art\u00edculos. Este problema afecta a OTRS: de 7.0.X a 7.0.48, de 8.0.X a 8.0.37, de 2023.X a 2023.1 .1."
}
],
"id": "CVE-2024-23791",
"lastModified": "2024-11-21T08:58:25.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T10:15:08.483",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-22 00:29
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA6DC84-F3F5-4817-B6E3-61BD2CAA8534",
"versionEndIncluding": "5.0.12",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85151323-32CE-4839-AA73-60F8725E879B",
"versionEndIncluding": "6.0.17",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C6B27-26D4-453E-9142-3C193A4A530E",
"versionEndIncluding": "7.0.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en Open Ticket Request System (OTRS) versi\u00f3n 7.x hasta 7.0.6, Community Edition versi\u00f3n 6.0.x hasta 6.0.17 y OTRSAppointmentCalendar versi\u00f3n 5.0.x hasta 5.0.12. Un atacante logeado en OTRS como agente con los permisos apropiados puede crear una cita de calendario minuciosamente dise\u00f1ada para provocar la ejecuci\u00f3n de JavaScript en el contexto de OTRS."
}
],
"id": "CVE-2019-10066",
"lastModified": "2024-11-21T04:18:19.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-22T00:29:00.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 02:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://www.securityfocus.com/bid/94141 | ||
| security@debian.org | https://www.otrs.com/security-advisory-2016-02-security-update-otrs/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94141 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2016-02-security-update-otrs/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 | |
| otrs | otrs | 3.0.5 | |
| otrs | otrs | 3.0.6 | |
| otrs | otrs | 3.0.7 | |
| otrs | otrs | 3.0.8 | |
| otrs | otrs | 3.0.9 | |
| otrs | otrs | 3.0.10 | |
| otrs | otrs | 3.0.11 | |
| otrs | otrs | 3.0.12 | |
| otrs | otrs | 3.0.13 | |
| otrs | otrs | 3.0.14 | |
| otrs | otrs | 3.0.15 | |
| otrs | otrs | 3.0.16 | |
| otrs | otrs | 3.0.17 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 | |
| otrs | otrs | 3.1.10 | |
| otrs | otrs | 3.1.11 | |
| otrs | otrs | 3.1.13 | |
| otrs | otrs | 3.1.14 | |
| otrs | otrs | 3.1.15 | |
| otrs | otrs | 3.1.16 | |
| otrs | otrs | 3.1.17 | |
| otrs | otrs | 3.1.18 | |
| otrs | otrs | 3.1.19 | |
| otrs | otrs | 3.1.20 | |
| otrs | otrs | 3.1.21 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.1 | |
| otrs | otrs | 3.2.2 | |
| otrs | otrs | 3.2.3 | |
| otrs | otrs | 3.2.4 | |
| otrs | otrs | 3.2.5 | |
| otrs | otrs | 3.2.6 | |
| otrs | otrs | 3.2.7 | |
| otrs | otrs | 3.2.8 | |
| otrs | otrs | 3.2.9 | |
| otrs | otrs | 3.2.10 | |
| otrs | otrs | 3.2.11 | |
| otrs | otrs | 3.2.12 | |
| otrs | otrs | 3.2.13 | |
| otrs | otrs | 3.2.14 | |
| otrs | otrs | 3.2.15 | |
| otrs | otrs | 3.2.16 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 | |
| otrs | otrs | 3.3.4 | |
| otrs | otrs | 3.3.5 | |
| otrs | otrs | 3.3.6 | |
| otrs | otrs | 3.3.7 | |
| otrs | otrs | 3.3.8 | |
| otrs | otrs | 3.3.9 | |
| otrs | otrs | 3.3.10 | |
| otrs | otrs | 3.3.11 | |
| otrs | otrs | 3.3.12 | |
| otrs | otrs | 3.3.13 | |
| otrs | otrs | 3.3.14 | |
| otrs | otrs | 3.3.15 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.1 | |
| otrs | otrs | 4.0.2 | |
| otrs | otrs | 4.0.3 | |
| otrs | otrs | 4.0.4 | |
| otrs | otrs | 4.0.5 | |
| otrs | otrs | 4.0.6 | |
| otrs | otrs | 4.0.7 | |
| otrs | otrs | 4.0.8 | |
| otrs | otrs | 4.0.9 | |
| otrs | otrs | 4.0.10 | |
| otrs | otrs | 4.0.11 | |
| otrs | otrs | 4.0.12 | |
| otrs | otrs | 4.0.13 | |
| otrs | otrs | 4.0.14 | |
| otrs | otrs | 4.0.15 | |
| otrs | otrs | 4.0.16 | |
| otrs | otrs | 4.0.17 | |
| otrs | otrs | 4.0.18 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.1 | |
| otrs | otrs | 5.0.2 | |
| otrs | otrs | 5.0.3 | |
| otrs | otrs | 5.0.4 | |
| otrs | otrs | 5.0.5 | |
| otrs | otrs | 5.0.6 | |
| otrs | otrs | 5.0.7 | |
| otrs | otrs | 5.0.8 | |
| otrs | otrs | 5.0.9 | |
| otrs | otrs | 5.0.10 | |
| otrs | otrs | 5.0.11 | |
| otrs | otrs | 5.0.12 | |
| otrs | otrs | 5.0.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6605C7-A589-43BD-BB4A-1917D964569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "388F9AA8-CFF2-4742-B594-A5462DA424FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5587B6D5-9219-4429-BA50-723CDA760377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2914F4-C45B-4CBA-8EF4-DA1FEC309895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "61B492D3-5659-4F8B-A0B9-3F5937203BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5258544-BF7A-4C64-88A6-C95E4482FA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "706EACAF-7E79-4809-8206-818145101E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A24F2-30F1-4C14-BF54-9D1A83273BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5959FA82-043D-42A6-BB7A-C4D37350C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DC1416-3EBF-4FA9-9A4E-0737BFFD4DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DBAFD-3213-4473-8F3A-783035D6ED9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D1729DB9-48DB-49D5-8F81-567D01B91866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AF271-B4CA-4217-A96A-835133AF517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C031C614-E049-4BEC-9D57-D237B19DDB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9169AC-21CB-43EB-8030-8087AC4D9C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5A48AC43-0A31-4A49-8F0F-BD97647DB866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2206E940-7C63-43A5-A041-CA13A84312A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EB051883-3917-414F-8A36-B51E833451E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "445641C8-5D1E-463E-8C00-1CD4E18B2B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "24C72855-1DF6-4456-A68A-89458C2EA7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A84F186F-D5F9-4968-BA39-2B44FFD2119F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F58F68B-CCB5-408B-A721-05E355E9A2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C41A2AB-BED9-4185-A71B-23F6CF101DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF18770-E861-4689-9040-A6E4BCB03D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77E1C1A9-4835-467D-8FA9-D93814634476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "097B8F4A-66E7-46E9-B624-EA26F8687181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B223E5A-9A4B-466B-BC0F-4C0400E70E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D8237-63CD-4075-B533-3E537A5B0D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8821F99A-24D8-483E-AD56-AA5D34BF47FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B6966E-47DA-4852-87E0-E768CCE07012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F638AF98-56CC-44A3-94E7-B7CCBAAFCE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F5362-FFE8-49F4-97A9-2BE4D855AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3D62BAAF-5D94-46BA-92EF-1D643D968838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4F66CEF6-B9E8-4A04-9644-304D81E751FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB3E7AF-0B00-4D5E-A59C-F7470D02F534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "346A8E94-05FF-4F44-AED6-1D2589858646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4A05EB89-467D-4787-984F-C92819E40AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C869520F-FBF6-480F-9D84-F03F7A00D1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88AAC1C3-14CE-41F9-A371-769BEF17551E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB04AB6-A380-4620-A196-A295FE7C170D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB92BA3D-0A1A-47A9-ABFE-04D66F6BE7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E537B043-413F-4EA3-A6E5-8711DA1C53FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6931F41-690F-4B4C-A637-FBB18DB0895B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "454607A9-6CAA-49F1-81D6-A2D1CC468C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8FD518-C35A-4E90-A8DB-F716F30614F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "75DAA2B2-9A7B-4948-BA48-3AFC5688DD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC9ADBF-6530-4135-8481-7B12DAA86479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "64505573-B426-4E5A-9182-FD716E009351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "55560A17-9FCD-4AD4-9339-B6472D89520F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF1A81F-89F3-4F0A-A04F-0DD461C433EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "99632B5B-563F-434F-B49E-34EE29B6EAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8CBCC863-CE5B-43E2-8331-DDA8AE68E6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8C9CDD3C-6B34-4020-B692-CDE682254B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46071699-8EA1-46BA-ADA1-5F572AF8EF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D4AC339E-A6CC-4621-A4C4-6A39C30BCE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68B923FE-6F43-44FA-8445-6019127DCA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD316D98-1DC4-4DC7-A488-851E94CC5263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9B81FE-4BA6-46B5-B390-1B05CB33C648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E38191D-DD62-476D-BB4A-80094B0FFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875C5002-3E08-47A4-825C-282E6476507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE3222C-1C90-43D1-9E06-A9F867880900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6257D3-FD70-486D-B11A-77FE5904FFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6C894-111B-4432-B93B-989C8007CB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CADCDD21-3665-4460-845F-DE9851607673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB52A359-2564-4E8D-929A-5402D04CDED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE86BC8-E092-4436-B632-8D117980D242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12C2FF70-9B69-43FD-872D-8E6F1CD59634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2661294-7039-4C6A-8BFA-D790E93415C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B3DBFC-A962-44C3-810D-A9538E328E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51DFB908-1877-4C6F-BAFB-45B3B17CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0B96AE1B-9B8B-40D9-99AA-797859FA0EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2C427B-DC2B-41F7-B3FC-BF0D51706F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4648D-E3C7-4C5D-897C-CC27F8082AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "908263DC-2F85-4ED9-AF4A-884609B2A3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CA73A62B-BFA7-4793-96E6-BB832418A259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DE138E72-61A0-4495-86CE-4342B93049CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C473A55A-677C-4D0B-9C0D-D1B3857AE8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D977D160-7B24-4ADD-9818-4C93A9E7D865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "472ACCD4-1B3D-4468-B084-D4E98032FF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8838C987-53ED-4E05-99D1-57A56A899C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C00BB3-3349-4DB3-B753-B36B88E1B9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D567DC5-332F-4F95-BA0B-B076661AB14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8361E43E-9140-49DC-9F06-865BDFC3A60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00DF625C-C5B1-4B7F-BDB4-34F751093104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0124AD54-B58F-4D36-B45F-B836C321067F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8D36D023-BE8C-47EF-934E-4E808FA3C0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56D7CD3E-A98A-4FBD-B267-E69E1711B741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "08621604-0098-45F9-9684-85973F4C3058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2209CD7C-0539-4A36-B40A-D437F6926444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F821217-A3A1-4CAC-9904-80543FD17808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE3BC26-B6CE-4A47-87EE-ABF098D0D553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2B352C86-4538-4266-8FDE-AA8F4FD173AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E569B83B-4DDF-48FE-9143-57CE2D0EBA87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.3.x en versiones anteriores a 3.3.16, 4.0.x en versiones anteriores a 4.0.19 y 5.0.x en versiones anteriores a 5.0.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un adjunto manipulado."
}
],
"id": "CVE-2016-9139",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T02:59:13.843",
"references": [
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/94141"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2016-02-security-update-otrs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2016-02-security-update-otrs/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-19 09:15
Modified
2025-02-13 17:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice
This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2022-15/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2022-15/ | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2A3E3C-3DDF-4242-B173-1EDBFD99D7AC",
"versionEndExcluding": "7.0.40",
"versionStartIncluding": "7.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4430231E-14C4-4C7F-8CA7-F8E36B639ADB",
"versionEndExcluding": "8.0.28",
"versionStartIncluding": "8.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:7.0.40:-:*:*:*:*:*:*",
"matchCriteriaId": "222528AA-E7BC-4FFC-A420-83798C8E9B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:8.0.28:-:*:*:*:*:*:*",
"matchCriteriaId": "3169243C-9150-4E99-8E36-F6EB34D5EDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice\nThis issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition permite la inyecci\u00f3n de SQL a trav\u00e9s de TicketSearch Webservice. Este problema afecta a OTRS: desde 7.0.1 antes de 7.0.40 parche 1, desde 8.0.1 antes de 8.0.28 parche 1 ; ((OTRS)) Community Edition: desde 6.0.1 hasta 6.0.34.\n "
}
],
"id": "CVE-2022-4427",
"lastModified": "2025-02-13T17:15:50.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T09:15:09.707",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 09:15
Modified
2024-11-21 08:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F",
"versionEndExcluding": "7.0.47",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1",
"versionEndExcluding": "8.0.37",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "La carga de im\u00e1genes externas no se bloquea, incluso si est\u00e1 configurada, si el atacante utiliza una URL relativa al protocolo en el payload. Esto se puede utilizar para recuperar la IP del usuario. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde la versi\u00f3n 6.0.X hasta la 6.0.34."
}
],
"id": "CVE-2023-38059",
"lastModified": "2024-11-21T08:12:46.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:10.243",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=5724 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=5724 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A3EF6526-F67F-4102-AD04-87A55D869368",
"versionEndIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the \"source code\" feature in the customer interface."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente rich-text-editor en Open Ticket Request System (OTRS) anteriores a v3.0.0-beta2, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML usando la caracter\u00edsticas \"source code\" en la interfase del usuario."
}
],
"id": "CVE-2010-4762",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=5724"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=5724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 13:15
Modified
2024-11-21 05:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-06/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-06/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "D59B7180-350C-4CB2-82F6-DE65E13AEED9",
"versionEndIncluding": "5.0.41",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "0EF80E5E-ED59-4BEE-9EBF-34485DCABED1",
"versionEndIncluding": "6.0.26",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57789F0A-B1F9-4E57-BA71-5558A285D1CA",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
},
{
"lang": "es",
"value": "En las pantallas de inicio de sesi\u00f3n (en la interfaz del agente y cliente), los campos Username y Password usan autocompletar, lo que podr\u00eda ser considerado un problema de seguridad. Este problema afecta a: ((OTRS)) Community Edition: versiones 5.0.41 y anteriores, versiones 6.0.26 y anteriores. OTRS: versiones 7.0.15 y anteriores."
}
],
"id": "CVE-2020-1769",
"lastModified": "2024-11-21T05:11:21.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T13:15:15.143",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-06/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-06/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-29 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "454607A9-6CAA-49F1-81D6-A2D1CC468C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) 3.3.9 tiene XSS en las peticiones index.pl?Action=AgentStats, tal y como demuestran los ataques OrderBy=[XSS] y Direction=[XSS]. NOTA: este CVE podr\u00eda tener una relevancia limitada, ya que representa un descubrimiento del 2017 de un problema en el software del 2014. La versi\u00f3n 3.3.20, por ejemplo, no se ha visto afectada."
}
],
"id": "CVE-2017-9299",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-29T19:29:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3426 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3426 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13674017-75BA-4CB9-834F-578D557F1974",
"versionEndIncluding": "2.3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.3.6 no gestiona correctamente los mensajes de correo electr\u00f3nico en el que la l\u00ednea De contiene caracteres UTF-8 asociadas con los signos diacr\u00edticos y un juego de caracteres no v\u00e1lidos, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (tickets duplicados y respuestas duplicadas) mediante el env\u00edo de un mensaje hmanipulados a un buz\u00f3n POP3."
}
],
"id": "CVE-2010-4767",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3426"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-21 10:15
Modified
2024-11-21 06:38
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2022-05/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2022-05/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4A676E-C1E1-4153-A576-97CC65CA075C",
"versionEndIncluding": "7.0.32",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99223B86-A86A-46FA-9B44-FBA2D4BBA860",
"versionEndIncluding": "8.0.19",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions."
},
{
"lang": "es",
"value": "Un traductor malicioso es capaz de inyectar c\u00f3digo JavaScript en algunas cadenas traducibles (donde se permite el HTML). El c\u00f3digo podr\u00eda ejecutarse en el administrador de paquetes. Este problema afecta a: OTRS AG OTRS 7.0.x versiones: 7.0.32 y anteriores, 8.0.x versiones: 8.0.19 y anteriores"
}
],
"id": "CVE-2022-0475",
"lastModified": "2024-11-21T06:38:43.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-21T10:15:07.903",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-05/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-05/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-20 09:15
Modified
2024-11-21 07:38
Severity ?
7.4 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names
This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B1D5F9-829A-4ADB-AF14-B9AE6C06DB67",
"versionEndExcluding": "7.0.42",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2871416-EC98-48A5-9322-49B18DF6D2D0",
"versionEndExcluding": "8.0.31",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names\nThis issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"id": "CVE-2023-1250",
"lastModified": "2024-11-21T07:38:45.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 5.8,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-20T09:15:12.020",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-02/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-17 17:15
Modified
2024-11-21 04:22
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/category/security-advisories-en/ | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/category/security-advisories-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D349DFA6-D96A-4453-BD31-D09DEDD86675",
"versionEndIncluding": "5.0.36",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88AAB9C-2497-4438-94D4-9A04F4F5ED9C",
"versionEndIncluding": "6.0.19",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B00766B-5077-4C1A-AFD6-031C8CE766DF",
"versionEndIncluding": "7.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.8, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. En el cliente o en la interfaz externa, la informaci\u00f3n personal de los agentes (por ejemplo, Nombre y direcci\u00f3n de correo) se puede divulgar en notas externas."
}
],
"id": "CVE-2019-12497",
"lastModified": "2024-11-21T04:22:58.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-17T17:15:11.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.otrs.com/category/security-advisories-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-17 09:15
Modified
2024-11-21 07:19
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Article template contents with sensitive data could be accessed from agents without permissions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D95AE5E-716F-4AEC-B3F9-11C15D26410A",
"versionEndExcluding": "8.0.26",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Article template contents with sensitive data could be accessed from agents without permissions."
},
{
"lang": "es",
"value": "Se pod\u00eda acceder al contenido de las plantillas de art\u00edculos con datos confidenciales desde agentes sin permisos"
}
],
"id": "CVE-2022-3501",
"lastModified": "2024-11-21T07:19:39.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-17T09:15:12.467",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-21 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4021 | ||
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 | |
| otrs | otrs | 3.3.4 | |
| otrs | otrs | 3.3.5 | |
| otrs | otrs | 3.3.6 | |
| otrs | otrs | 3.3.7 | |
| otrs | otrs | 3.3.8 | |
| otrs | otrs | 3.3.9 | |
| otrs | otrs | 3.3.10 | |
| otrs | otrs | 3.3.11 | |
| otrs | otrs | 3.3.12 | |
| otrs | otrs | 3.3.13 | |
| otrs | otrs | 3.3.14 | |
| otrs | otrs | 3.3.15 | |
| otrs | otrs | 3.3.16 | |
| otrs | otrs | 3.3.17 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.0 | |
| otrs | otrs | 4.0.1 | |
| otrs | otrs | 4.0.2 | |
| otrs | otrs | 4.0.3 | |
| otrs | otrs | 4.0.4 | |
| otrs | otrs | 4.0.5 | |
| otrs | otrs | 4.0.6 | |
| otrs | otrs | 4.0.7 | |
| otrs | otrs | 4.0.8 | |
| otrs | otrs | 4.0.9 | |
| otrs | otrs | 4.0.10 | |
| otrs | otrs | 4.0.11 | |
| otrs | otrs | 4.0.12 | |
| otrs | otrs | 4.0.13 | |
| otrs | otrs | 4.0.14 | |
| otrs | otrs | 4.0.15 | |
| otrs | otrs | 4.0.16 | |
| otrs | otrs | 4.0.17 | |
| otrs | otrs | 4.0.18 | |
| otrs | otrs | 4.0.19 | |
| otrs | otrs | 4.0.20 | |
| otrs | otrs | 4.0.21 | |
| otrs | otrs | 4.0.22 | |
| otrs | otrs | 4.0.23 | |
| otrs | otrs | 4.0.24 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.1 | |
| otrs | otrs | 5.0.2 | |
| otrs | otrs | 5.0.3 | |
| otrs | otrs | 5.0.4 | |
| otrs | otrs | 5.0.5 | |
| otrs | otrs | 5.0.6 | |
| otrs | otrs | 5.0.7 | |
| otrs | otrs | 5.0.8 | |
| otrs | otrs | 5.0.9 | |
| otrs | otrs | 5.0.10 | |
| otrs | otrs | 5.0.11 | |
| otrs | otrs | 5.0.12 | |
| otrs | otrs | 5.0.13 | |
| otrs | otrs | 5.0.14 | |
| otrs | otrs | 5.0.15 | |
| otrs | otrs | 5.0.16 | |
| otrs | otrs | 5.0.17 | |
| otrs | otrs | 5.0.18 | |
| otrs | otrs | 5.0.19 | |
| otrs | otrs | 5.0.20 | |
| otrs | otrs | 5.0.21 | |
| otrs | otrs | 5.0.22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88AAC1C3-14CE-41F9-A371-769BEF17551E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB04AB6-A380-4620-A196-A295FE7C170D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB92BA3D-0A1A-47A9-ABFE-04D66F6BE7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E537B043-413F-4EA3-A6E5-8711DA1C53FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6931F41-690F-4B4C-A637-FBB18DB0895B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "454607A9-6CAA-49F1-81D6-A2D1CC468C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8FD518-C35A-4E90-A8DB-F716F30614F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "75DAA2B2-9A7B-4948-BA48-3AFC5688DD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC9ADBF-6530-4135-8481-7B12DAA86479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "64505573-B426-4E5A-9182-FD716E009351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "55560A17-9FCD-4AD4-9339-B6472D89520F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF1A81F-89F3-4F0A-A04F-0DD461C433EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C9677F3F-8EF5-40C0-8CDD-DB9B03BDD175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "27751304-9036-4710-B7A5-BEC55AF8B2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "99632B5B-563F-434F-B49E-34EE29B6EAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8CBCC863-CE5B-43E2-8331-DDA8AE68E6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8C9CDD3C-6B34-4020-B692-CDE682254B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46071699-8EA1-46BA-ADA1-5F572AF8EF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D4AC339E-A6CC-4621-A4C4-6A39C30BCE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68B923FE-6F43-44FA-8445-6019127DCA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD316D98-1DC4-4DC7-A488-851E94CC5263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9B81FE-4BA6-46B5-B390-1B05CB33C648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E38191D-DD62-476D-BB4A-80094B0FFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875C5002-3E08-47A4-825C-282E6476507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE3222C-1C90-43D1-9E06-A9F867880900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6257D3-FD70-486D-B11A-77FE5904FFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6C894-111B-4432-B93B-989C8007CB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CADCDD21-3665-4460-845F-DE9851607673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB52A359-2564-4E8D-929A-5402D04CDED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE86BC8-E092-4436-B632-8D117980D242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12C2FF70-9B69-43FD-872D-8E6F1CD59634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2661294-7039-4C6A-8BFA-D790E93415C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B3DBFC-A962-44C3-810D-A9538E328E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51DFB908-1877-4C6F-BAFB-45B3B17CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0B96AE1B-9B8B-40D9-99AA-797859FA0EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2C427B-DC2B-41F7-B3FC-BF0D51706F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4648D-E3C7-4C5D-897C-CC27F8082AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "908263DC-2F85-4ED9-AF4A-884609B2A3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F64E91-CF0C-4C48-94F0-0474A3D484F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "974BFF95-01AC-454D-97CC-A82CA8823FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "654C711F-2C10-4E7A-BFFF-9AD911576CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF723BA-E772-48F8-8B45-753CD372DCEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DD7D5-EBB4-4E7F-8669-FA96FF9E6B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "906E3FE6-2516-474C-9F91-539A77E0085C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CA73A62B-BFA7-4793-96E6-BB832418A259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DE138E72-61A0-4495-86CE-4342B93049CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C473A55A-677C-4D0B-9C0D-D1B3857AE8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D977D160-7B24-4ADD-9818-4C93A9E7D865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "472ACCD4-1B3D-4468-B084-D4E98032FF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8838C987-53ED-4E05-99D1-57A56A899C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C00BB3-3349-4DB3-B753-B36B88E1B9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D567DC5-332F-4F95-BA0B-B076661AB14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8361E43E-9140-49DC-9F06-865BDFC3A60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00DF625C-C5B1-4B7F-BDB4-34F751093104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0124AD54-B58F-4D36-B45F-B836C321067F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8D36D023-BE8C-47EF-934E-4E808FA3C0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56D7CD3E-A98A-4FBD-B267-E69E1711B741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "08621604-0098-45F9-9684-85973F4C3058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2209CD7C-0539-4A36-B40A-D437F6926444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F821217-A3A1-4CAC-9904-80543FD17808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE3BC26-B6CE-4A47-87EE-ABF098D0D553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2B352C86-4538-4266-8FDE-AA8F4FD173AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E569B83B-4DDF-48FE-9143-57CE2D0EBA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A54B103C-3B32-4BD9-BE83-6E8B8D43F51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0052F432-313F-416F-A655-BB5E3E880915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "36E464C4-60E9-43C5-A42E-371B332C859B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0B011E9D-C067-4362-9181-EB568C59944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0FD254-B891-4911-9DBC-C55E67F13C4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE23C83-B4A3-4996-82A5-E19D6D43E0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA401F3-9ADF-4725-825F-7E94AF6589BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B91E306F-59EC-43AC-8208-38FBBB6D2989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0B0D2F-29F9-4648-BB4D-81A70E429872",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection."
},
{
"lang": "es",
"value": "En OTRS (Open Ticket Request System) en versiones 3.3.x anteriores a la 3.3.18, 4.x anteriores a la 4.0.25 y 5.x anteriores a la 5.0.23, los usuarios autenticados remotos pueden utilizar los permisos de escritura de estad\u00edsticas para obtener privilegios mediante la inyecci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2017-14635",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-21T13:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4021"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3045 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3045 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9F78B2A5-B187-4927-BB3E-50E3E4D4CE08",
"versionEndIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.3.0-beta4 comprueba los permisos rw, en lugar de configurar el permiso de uni\u00f3n, durante el proceso de autorizaci\u00f3n de operaciones de combinaci\u00f3n, lo que podr\u00eda permitir a usuarios remotos autenticados eludir las restricciones de acceso previsto por la fusi\u00f3n de dos tickets."
}
],
"id": "CVE-2008-7277",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3045"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-01 00:01
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://adamziaja.com/poc/201401-xss-otrs.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html | ||
| cve@mitre.org | http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html | Exploit | |
| cve@mitre.org | http://secunia.com/advisories/57018 | Vendor Advisory | |
| cve@mitre.org | http://www.osvdb.org/103781 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/65844 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/36842/ | Exploit | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2014-03-xss-issue | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://adamziaja.com/poc/201401-xss-otrs.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57018 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/103781 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65844 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/36842/ | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2014-03-xss-issue | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 | |
| otrs | otrs | 3.3.4 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.1 | |
| otrs | otrs | 3.2.2 | |
| otrs | otrs | 3.2.3 | |
| otrs | otrs | 3.2.4 | |
| otrs | otrs | 3.2.5 | |
| otrs | otrs | 3.2.6 | |
| otrs | otrs | 3.2.7 | |
| otrs | otrs | 3.2.8 | |
| otrs | otrs | 3.2.9 | |
| otrs | otrs | 3.2.10 | |
| otrs | otrs | 3.2.14 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 | |
| otrs | otrs | 3.1.10 | |
| otrs | otrs | 3.1.11 | |
| otrs | otrs | 3.1.13 | |
| otrs | otrs | 3.1.14 | |
| otrs | otrs | 3.1.15 | |
| otrs | otrs | 3.1.16 | |
| otrs | otrs | 3.1.17 | |
| otrs | otrs | 3.1.18 | |
| otrs | otrs | 3.1.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88AAC1C3-14CE-41F9-A371-769BEF17551E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2206E940-7C63-43A5-A041-CA13A84312A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EB051883-3917-414F-8A36-B51E833451E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "445641C8-5D1E-463E-8C00-1CD4E18B2B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "24C72855-1DF6-4456-A68A-89458C2EA7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A84F186F-D5F9-4968-BA39-2B44FFD2119F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F58F68B-CCB5-408B-A721-05E355E9A2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C41A2AB-BED9-4185-A71B-23F6CF101DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF18770-E861-4689-9040-A6E4BCB03D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77E1C1A9-4835-467D-8FA9-D93814634476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "097B8F4A-66E7-46E9-B624-EA26F8687181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B223E5A-9A4B-466B-BC0F-4C0400E70E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D8237-63CD-4075-B533-3E537A5B0D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8821F99A-24D8-483E-AD56-AA5D34BF47FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B6966E-47DA-4852-87E0-E768CCE07012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F638AF98-56CC-44A3-94E7-B7CCBAAFCE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F5362-FFE8-49F4-97A9-2BE4D855AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "346A8E94-05FF-4F44-AED6-1D2589858646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5959FA82-043D-42A6-BB7A-C4D37350C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DC1416-3EBF-4FA9-9A4E-0737BFFD4DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DBAFD-3213-4473-8F3A-783035D6ED9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D1729DB9-48DB-49D5-8F81-567D01B91866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AF271-B4CA-4217-A96A-835133AF517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C031C614-E049-4BEC-9D57-D237B19DDB0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.20, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.5 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un email HTML manipulado."
}
],
"id": "CVE-2014-1695",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-01T00:01:08.200",
"references": [
{
"source": "cve@mitre.org",
"url": "http://adamziaja.com/poc/201401-xss-otrs.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57018"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/103781"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65844"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/36842/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-03-xss-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://adamziaja.com/poc/201401-xss-otrs.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/103781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/36842/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-03-xss-issue"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-05 07:15
Modified
2024-11-21 07:17
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A",
"versionEndIncluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB57B12-C33A-499A-AD20-7608053FB2B1",
"versionEndExcluding": "7.0.37",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9BA949-D450-43E5-907C-CC981270C588",
"versionEndExcluding": "8.0.25",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS."
},
{
"lang": "es",
"value": "Un atacante que haya iniciado sesi\u00f3n en OTRS como usuario administrador puede manipular la URL para causar una ejecuci\u00f3n de JavaScript en el contexto de OTRS"
}
],
"id": "CVE-2022-39049",
"lastModified": "2024-11-21T07:17:27.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-05T07:15:07.980",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-10/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 09:15
Modified
2024-11-21 08:41
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs
immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F",
"versionEndExcluding": "7.0.47",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1",
"versionEndExcluding": "8.0.37",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "Un atacante que haya iniciado sesi\u00f3n en OTRS como usuario con privilegios para crear y cambiar datos de usuario del cliente puede manipular el campo CustomerID para ejecutar c\u00f3digo JavaScript que se ejecuta inmediatamente despu\u00e9s de guardar los datos. El problema solo ocurre si se cambi\u00f3 la configuraci\u00f3n de AdminCustomerUser::UseAutoComplete antes. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde 6.0.X hasta 6.0.34."
}
],
"id": "CVE-2023-5421",
"lastModified": "2024-11-21T08:41:44.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:11.940",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-10 13:15
Modified
2024-11-21 04:18
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://community.otrs.com/category/release-and-security-notes-en/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://otrs.com/release-notes/otrs-security-advisory-2019-07/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/category/release-and-security-notes-en/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2019-07/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C6B27-26D4-453E-9142-3C193A4A530E",
"versionEndIncluding": "7.0.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Open Ticket Request System (OTRS) versiones 7.0 hasta la versi\u00f3n 7.0.6. Un atacante que est\u00e1 registrado en OTRS como un usuario cliente puede usar unas pantallas de resultados de b\u00fasqueda para divulgar informaci\u00f3n de los art\u00edculos internos de las FAQ, una vulnerabilidad diferente de CVE-2019-9753."
}
],
"id": "CVE-2019-10065",
"lastModified": "2024-11-21T04:18:19.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-10T13:15:12.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-24 09:15
Modified
2025-02-13 17:16
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.
This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2023-04/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2023-04/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "63B08C08-56D6-40F4-B481-BC8672FD7AC8",
"versionEndExcluding": "7.0.45",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4F6AD29E-B905-4974-95EE-23E9C05186C0",
"versionEndExcluding": "8.0.35",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.\u00a0\n\n\nThis issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34."
}
],
"id": "CVE-2023-38060",
"lastModified": "2025-02-13T17:16:47.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-24T09:15:10.073",
"references": [
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-20 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2010-02-en/ | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/41381 | Vendor Advisory | |
| cve@mitre.org | http://security-tracker.debian.org/tracker/CVE-2010-2080 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/43264 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61868 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2010-02-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41381 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security-tracker.debian.org/tracker/CVE-2010-2080 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/43264 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61868 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no espec\u00edficos."
}
],
"id": "CVE-2010-2080",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-20T21:00:01.923",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41381"
},
{
"source": "cve@mitre.org",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/43264"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3462 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3462 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56272C04-B43A-4CAE-A12E-829A4000037E",
"versionEndIncluding": "2.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
},
{
"lang": "es",
"value": "La funci\u00f3n S/MIME en Open Ticket Request System (OTRS) anterior a v2.3.4 no configura el RANDFILE y las variables de entorno HOME para OpenSSL, lo que podr\u00eda facilitar a los atacantes remotos descifrar los mensajes de correo electr\u00f3nico que ten\u00edan menos entrop\u00eda de la prevista para las operaciones de cifrado, relacionado con la imposibilidad de escribir en el fichero de la generaci\u00f3n de semillas para la clave."
}
],
"id": "CVE-2009-5057",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=5975 | Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=5975 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:beta5:*:*:*:*:*:*",
"matchCriteriaId": "3A172CF0-C279-48AF-A5B7-E504A5AD90ED",
"versionEndIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v3.0.0-beta6 adiciona los email-notification-ext a los tickets durante el procesamiento de las notificaciones basadas en eventos, que permite a usuarios remotos autenticados para obtener informaci\u00f3n sensible mediante la lectura de un ticket."
}
],
"id": "CVE-2010-4760",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5975"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=5975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 08:15
Modified
2024-11-21 07:06
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC37884-BF0A-4F67-AFC3-1C95BE001A55",
"versionEndExcluding": "7.0.35",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01314391-90B9-4D17-9571-7EE08FEF0D5C",
"versionEndExcluding": "8.0.23",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances."
},
{
"lang": "es",
"value": "Una respuesta a un art\u00edculo de correo electr\u00f3nico reenviado por un tercero podr\u00eda exponer involuntariamente el contenido del correo electr\u00f3nico al cliente del ticket bajo determinadas circunstancias"
}
],
"id": "CVE-2022-32740",
"lastModified": "2024-11-21T07:06:51.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T08:15:19.030",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-08/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 14:15
Modified
2024-11-21 05:11
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-11/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-11/ | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "06492F1B-5810-429D-BB78-8706F9E74AEE",
"versionEndIncluding": "5.0.42",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "03EA383C-3BB5-46CF-AEBE-C2B3B92446A6",
"versionEndIncluding": "6.0.27",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59B100A3-DB5D-466B-BFA3-094EB95A0E4E",
"versionEndIncluding": "7.0.16",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it\u0027s possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions."
},
{
"lang": "es",
"value": "Cuando el usuario descarga claves y certificados de PGP o S/MIME, el archivo exportado presenta el mismo nombre para las claves privadas y p\u00fablicas. Por lo tanto, es posible mezclarlos y enviar la clave privada a un tercero en lugar de la clave p\u00fablica. Este problema afecta a ((OTRS)) Community Edition: versiones 5.0.42 y anteriores, versiones 6.0.27 y anteriores. OTRS: versiones 7.0.16 y anteriores."
}
],
"id": "CVE-2020-1774",
"lastModified": "2024-11-21T05:11:21.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T14:15:14.283",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-11/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-05 07:15
Modified
2024-11-21 07:17
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A",
"versionEndIncluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB57B12-C33A-499A-AD20-7608053FB2B1",
"versionEndExcluding": "7.0.37",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9BA949-D450-43E5-907C-CC981270C588",
"versionEndExcluding": "8.0.25",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap"
},
{
"lang": "es",
"value": "Un atacante que haya iniciado sesi\u00f3n en OTRS como usuario administrador puede manipular el campo de la URL del cliente para almacenar c\u00f3digo JavaScript que ser\u00e1 ejecutado posteriormente por cualquier otro agente cuando haga clic en el enlace de la URL del cliente. Entonces el JavaScript almacenado es ejecutado en el contexto de OTRS. El mismo problema es aplicado al uso de fuentes de datos externas, por ejemplo, bases de datos o ldap"
}
],
"id": "CVE-2022-39050",
"lastModified": "2024-11-21T07:17:27.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-05T07:15:08.063",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-11/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=6302 | Exploit, Patch | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=6302 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 2.4.10 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31908521-D707-4E12-BE6A-E9A6B34AF94E",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."
},
{
"lang": "es",
"value": "installer.pl en Open Ticket Request System (OTRS) anterior a v3.0.3 tiene un campo Inbound Mail Password que utiliza texto claro, en lugar de el tipo password, por su elemento INPUT, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes f\u00edsicamente pr\u00f3ximos a obtener la contrase\u00f1a mediante la lectura de la pantalla del equipo."
}
],
"id": "CVE-2010-4758",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-23 15:55
Modified
2025-04-12 10:46
Severity ?
Summary
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html | ||
| cve@mitre.org | http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 12.3 | |
| opensuse | opensuse | 13.1 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.10 | |
| otrs | otrs | 3.1.11 | |
| otrs | otrs | 3.1.13 | |
| otrs | otrs | 3.1.14 | |
| otrs | otrs | 3.1.15 | |
| otrs | otrs | 3.1.16 | |
| otrs | otrs | 3.1.17 | |
| otrs | otrs | 3.1.18 | |
| otrs | otrs | 3.1.19 | |
| otrs | otrs | 3.1.20 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.1 | |
| otrs | otrs | 3.2.2 | |
| otrs | otrs | 3.2.3 | |
| otrs | otrs | 3.2.4 | |
| otrs | otrs | 3.2.5 | |
| otrs | otrs | 3.2.6 | |
| otrs | otrs | 3.2.10 | |
| otrs | otrs | 3.2.11 | |
| otrs | otrs | 3.2.12 | |
| otrs | otrs | 3.2.13 | |
| otrs | otrs | 3.2.14 | |
| otrs | otrs | 3.2.15 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 | |
| otrs | otrs | 3.3.4 | |
| otrs | otrs | 3.3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5959FA82-043D-42A6-BB7A-C4D37350C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DC1416-3EBF-4FA9-9A4E-0737BFFD4DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DBAFD-3213-4473-8F3A-783035D6ED9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D1729DB9-48DB-49D5-8F81-567D01B91866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AF271-B4CA-4217-A96A-835133AF517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C031C614-E049-4BEC-9D57-D237B19DDB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9169AC-21CB-43EB-8030-8087AC4D9C50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2206E940-7C63-43A5-A041-CA13A84312A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EB051883-3917-414F-8A36-B51E833451E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "445641C8-5D1E-463E-8C00-1CD4E18B2B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "24C72855-1DF6-4456-A68A-89458C2EA7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A84F186F-D5F9-4968-BA39-2B44FFD2119F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F58F68B-CCB5-408B-A721-05E355E9A2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C41A2AB-BED9-4185-A71B-23F6CF101DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF18770-E861-4689-9040-A6E4BCB03D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77E1C1A9-4835-467D-8FA9-D93814634476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "097B8F4A-66E7-46E9-B624-EA26F8687181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B223E5A-9A4B-466B-BC0F-4C0400E70E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D8237-63CD-4075-B533-3E537A5B0D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F5362-FFE8-49F4-97A9-2BE4D855AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3D62BAAF-5D94-46BA-92EF-1D643D968838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4F66CEF6-B9E8-4A04-9644-304D81E751FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB3E7AF-0B00-4D5E-A59C-F7470D02F534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "346A8E94-05FF-4F44-AED6-1D2589858646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4A05EB89-467D-4787-984F-C92819E40AD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88AAC1C3-14CE-41F9-A371-769BEF17551E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB04AB6-A380-4620-A196-A295FE7C170D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element."
},
{
"lang": "es",
"value": "OTRS 3.1.x anterior a 3.1.21, 3.2.x anterior a 3.2.16 y 3.3.x anterior a 3.3.6 permite a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de un elemento IFRAME."
}
],
"id": "CVE-2014-2554",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-23T15:55:04.017",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-21 14:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| cve@mitre.org | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "92CBFC5A-5DBE-40B4-BC25-84E50DBF8799",
"versionEndIncluding": "5.0.36",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "7797BAF4-EBCD-49B4-B5BC-E19B6EEE5DF9",
"versionEndIncluding": "6.0.19",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B00766B-5077-4C1A-AFD6-031C8CE766DF",
"versionEndIncluding": "7.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.8, y Community Edition 5.0.x hasta 5.0.36 y 6.0.x hasta 6.0.19. Un atacante que haya iniciado sesi\u00f3n en OTRS como un usuario agente con los permisos apropiados puede aprovechar las etiquetas de notificaci\u00f3n de OTRS en las plantillas para revelar las contrase\u00f1as de usuario con hash."
}
],
"id": "CVE-2019-13458",
"lastModified": "2024-11-21T04:24:56.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T14:15:10.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-10 10:15
Modified
2025-03-24 14:11
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive
cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.x
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2025-05/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94C7FB8D-6F6C-4C2C-8F52-EE231CDFB848",
"versionEndIncluding": "2025.1.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\n\u00a0\n\nThis issue affects:\n\n * OTRS 7.0.X\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.x"
},
{
"lang": "es",
"value": "Una vulnerabilidad en OTRS Application Server permite el secuestro de sesiones debido a la falta de atributos para configuraciones de cookies confidenciales en sesiones HTTPS. Una solicitud a un endpoint de OTRS desde un posible sitio web malicioso enviar\u00eda la cookie de autenticaci\u00f3n y realizar\u00eda una operaci\u00f3n de lectura no deseada. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x"
}
],
"id": "CVE-2025-24387",
"lastModified": "2025-03-24T14:11:20.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-10T10:15:14.360",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-05/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1275"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-13 22:29
Modified
2024-11-21 04:02
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework | Mitigation, Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE1362-A15E-4E51-B6C1-9B0807401C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F47157E2-F03F-4088-B2DA-E7D5C5636FA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Open Ticket Request System (OTRS), en sus CVErsiones 5.0.31 y 6.0.13. Los usuarios que actualicen a la CVErsi\u00f3n 6.0.13 (tambi\u00e9n actualizaciones a niCVEl de parche) o 5.0.31 (solo actualizaciones principales) experimentar\u00e1n una p\u00e9rdida de datos en su tabla de preferencias de agente."
}
],
"id": "CVE-2018-20800",
"lastModified": "2024-11-21T04:02:12.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-13T22:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-10 15:15
Modified
2024-11-21 05:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-01/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-01/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| debian | debian_linux | 8.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "930593FF-E99D-46BB-AABD-9562CC94B8D3",
"versionEndIncluding": "5.0.39",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "69D1FDA1-32D6-4793-AB1D-ED9F0A17939F",
"versionEndIncluding": "6.0.24",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D86D6CD7-52CC-47B5-8075-462D4A3099FC",
"versionEndIncluding": "7.0.13",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."
},
{
"lang": "es",
"value": "Un control inapropiado de los par\u00e1metros permite la suplantaci\u00f3n de los campos de las siguientes pantallas: AgentTicketCompose, AgentTicketForward, AgentTicketBounce y AgentTicketEmailOutbound. Este problema afecta a: ((OTRS)) Community Edition versiones 5.0.x versi\u00f3n 5.0.39 y anteriores; versiones 6.0.x versi\u00f3n 6.0.24 y anteriores. OTRS versiones 7.0.x versi\u00f3n 7.0.13 y anteriores."
}
],
"id": "CVE-2020-1765",
"lastModified": "2024-11-21T05:11:20.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-10T15:15:11.723",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-472"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-18 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| cve@mitre.org | http://otrs.org/advisory/OSA-2011-01-en/ | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/44029 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/44479 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2231 | ||
| cve@mitre.org | http://www.osvdb.org/71790 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/47323 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/1186 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2011-01-en/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44029 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44479 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2231 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/71790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47323 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1186 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66698 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 | |
| otrs | otrs | 2.4.9 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | 3.0.3 | |
| otrs | otrs | 3.0.4 | |
| otrs | otrs | 3.0.5 | |
| otrs | otrs | 3.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) v2.4.x anterior a v2.4.10 y 3.x anterior a v3.0.7 permite a atacantes remotos inyectar script web de su elecci\u00f3n o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-1518",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-04-18T18:55:02.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2011-01-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44029"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44479"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2231"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/71790"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47323"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/1186"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2011-01-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/71790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/1186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 13:15
Modified
2024-11-21 05:11
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-09/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-09/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "D59B7180-350C-4CB2-82F6-DE65E13AEED9",
"versionEndIncluding": "5.0.41",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "0EF80E5E-ED59-4BEE-9EBF-34485DCABED1",
"versionEndIncluding": "6.0.26",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57789F0A-B1F9-4E57-BA71-5558A285D1CA",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
},
{
"lang": "es",
"value": "Es posible dise\u00f1ar peticiones de Contrase\u00f1a Perdida con wildcards en el valor de Token, permite a un atacante recuperar Token(s) v\u00e1lidos, generados por usuarios que ya solicitaron nuevas contrase\u00f1as. Este problema afecta a: ((OTRS)) Community Edition versiones 5.0.41 y anteriores, versiones 6.0.26 y anteriores. OTRS; versiones 7.0.15 y anteriores."
}
],
"id": "CVE-2020-1772",
"lastModified": "2024-11-21T05:11:21.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T13:15:15.393",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-09/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-09/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-155"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-29 21:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=113272360804853&w=2 | ||
| cve@mitre.org | http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://otrs.org/advisory/OSA-2005-01-en/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17685/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/18101 | ||
| cve@mitre.org | http://secunia.com/advisories/18887 | ||
| cve@mitre.org | http://securitytracker.com/id?1015262 | ||
| cve@mitre.org | http://www.debian.org/security/2006/dsa-973 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_30_sr.html | ||
| cve@mitre.org | http://www.osvdb.org/21064 | ||
| cve@mitre.org | http://www.osvdb.org/21065 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/15537/ | Exploit, Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/2535 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/23352 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/23354 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=113272360804853&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://otrs.org/advisory/OSA-2005-01-en/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17685/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18887 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015262 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-973 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_30_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21064 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15537/ | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2535 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23352 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23354 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action."
}
],
"id": "CVE-2005-3893",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-29T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18101"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18887"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015262"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21064"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21065"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15537/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23352"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113272360804853\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otrs.org/advisory/OSA-2005-01-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17685/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15537/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23354"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=4105 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=4105 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | Exploit, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E53F95-8829-42A4-B702-F39E2E8DC507",
"versionEndIncluding": "2.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.4.4 permite el acceso a las subcadenas b\u00e1sicas de un d\u00edgito simple del valor CustomerID, que permite a usuarios remotos autenticados eludir las restricciones de acceso previsto en circunstancias oportunistas visualizando un ticket, como se demuestra mediante el aprovechamiento de la cuenta CustomerID 12 para leer tickets que deben estar disponibles s\u00f3lo para los CustomerID 1 o 2."
}
],
"id": "CVE-2009-5055",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4105"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 13:15
Modified
2024-11-21 05:11
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-07/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-07/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | * | |
| otrs | otrs | * | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "D59B7180-350C-4CB2-82F6-DE65E13AEED9",
"versionEndIncluding": "5.0.41",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "0EF80E5E-ED59-4BEE-9EBF-34485DCABED1",
"versionEndIncluding": "6.0.26",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57789F0A-B1F9-4E57-BA71-5558A285D1CA",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
},
{
"lang": "es",
"value": "Unos archivos generados por el paquete de soporte podr\u00edan contener informaci\u00f3n confidencial que podr\u00eda sin querer ser revelada. Este problema afecta a: ((OTRS)) Community Edition: versiones 5.0.41 y anteriores, versiones 6.0.26 y anteriores. OTRS: versiones 7.0.15 y anteriores."
}
],
"id": "CVE-2020-1770",
"lastModified": "2024-11-21T05:11:21.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T13:15:15.253",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-07/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-07/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 13:15
Modified
2024-11-21 05:11
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| security@otrs.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-08/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-08/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "D59B7180-350C-4CB2-82F6-DE65E13AEED9",
"versionEndIncluding": "5.0.41",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "0EF80E5E-ED59-4BEE-9EBF-34485DCABED1",
"versionEndIncluding": "6.0.26",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57789F0A-B1F9-4E57-BA71-5558A285D1CA",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
},
{
"lang": "es",
"value": "Un atacante es capaz de dise\u00f1ar un art\u00edculo con un enlace hacia la libreta de direcciones del cliente con contenido malicioso (JavaScript). Cuando el agente abre el enlace, el c\u00f3digo JavaScript es ejecutado debido a la falta de codificaci\u00f3n de par\u00e1metros. Este problema afecta a: ((OTRS)) Community Edition: versiones 6.0.26 y anteriores. OTRS: versiones 7.0.15 y anteriores."
}
],
"id": "CVE-2020-1771",
"lastModified": "2024-11-21T05:11:21.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T13:15:15.333",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "security@otrs.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "security@otrs.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-08/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-04 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/102661 | ||
| cve@mitre.org | http://secunia.com/advisories/56644 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/56655 | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2014/dsa-2867 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/01/29/15 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/65241 | ||
| cve@mitre.org | https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82 | Patch | |
| cve@mitre.org | https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d | Patch | |
| cve@mitre.org | https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949 | Patch | |
| cve@mitre.org | https://www.otrs.com/release-notes-otrs-help-desk-3-3-4 | ||
| cve@mitre.org | https://www.otrs.com/security-advisory-2014-02-sql-injection-issue | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/102661 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56644 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56655 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2867 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/01/29/15 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65241 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/release-notes-otrs-help-desk-3-3-4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2014-02-sql-injection-issue | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.0 | |
| otrs | otrs | 3.3.1 | |
| otrs | otrs | 3.3.2 | |
| otrs | otrs | 3.3.3 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.0 | |
| otrs | otrs | 3.2.1 | |
| otrs | otrs | 3.2.2 | |
| otrs | otrs | 3.2.3 | |
| otrs | otrs | 3.2.4 | |
| otrs | otrs | 3.2.5 | |
| otrs | otrs | 3.2.6 | |
| otrs | otrs | 3.2.7 | |
| otrs | otrs | 3.2.8 | |
| otrs | otrs | 3.2.9 | |
| otrs | otrs | 3.2.10 | |
| otrs | otrs | 3.1.0 | |
| otrs | otrs | 3.1.1 | |
| otrs | otrs | 3.1.2 | |
| otrs | otrs | 3.1.3 | |
| otrs | otrs | 3.1.4 | |
| otrs | otrs | 3.1.5 | |
| otrs | otrs | 3.1.6 | |
| otrs | otrs | 3.1.7 | |
| otrs | otrs | 3.1.8 | |
| otrs | otrs | 3.1.9 | |
| otrs | otrs | 3.1.10 | |
| otrs | otrs | 3.1.11 | |
| otrs | otrs | 3.1.13 | |
| otrs | otrs | 3.1.14 | |
| otrs | otrs | 3.1.15 | |
| otrs | otrs | 3.1.16 | |
| otrs | otrs | 3.1.17 | |
| otrs | otrs | 3.1.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F950A3B9-9347-4271-9AE2-816BB37F2FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78F12260-F695-492E-9F93-34873E8CD42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C2ACF399-6BD0-4753-A8FA-A7031C5E898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E314819D-7CF9-4DCC-8007-CFE73F3138A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D286118-DA1F-43A4-9B0B-9A340887EA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82E2C445-2CC0-4F4E-BF4E-C2987E273448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB02A9C-AE23-4DF6-88E7-A606A3483036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2206E940-7C63-43A5-A041-CA13A84312A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EB051883-3917-414F-8A36-B51E833451E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "445641C8-5D1E-463E-8C00-1CD4E18B2B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "24C72855-1DF6-4456-A68A-89458C2EA7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A84F186F-D5F9-4968-BA39-2B44FFD2119F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F58F68B-CCB5-408B-A721-05E355E9A2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C41A2AB-BED9-4185-A71B-23F6CF101DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF18770-E861-4689-9040-A6E4BCB03D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77E1C1A9-4835-467D-8FA9-D93814634476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "097B8F4A-66E7-46E9-B624-EA26F8687181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B223E5A-9A4B-466B-BC0F-4C0400E70E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D8237-63CD-4075-B533-3E537A5B0D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8821F99A-24D8-483E-AD56-AA5D34BF47FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B6966E-47DA-4852-87E0-E768CCE07012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F638AF98-56CC-44A3-94E7-B7CCBAAFCE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F5362-FFE8-49F4-97A9-2BE4D855AF3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5189FACC-454A-4AFD-A08C-0F4F7158EDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5959FA82-043D-42A6-BB7A-C4D37350C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DC1416-3EBF-4FA9-9A4E-0737BFFD4DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DBAFD-3213-4473-8F3A-783035D6ED9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D1729DB9-48DB-49D5-8F81-567D01B91866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AF271-B4CA-4217-A96A-835133AF517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n StateGetStatesByType en Kernel/System/State.pm en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.19, 3.2.x anterior a 3.2.14 y 3.3.x anterior a 3.3.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores relacionados con la URL de b\u00fasqueda de tickets."
}
],
"id": "CVE-2014-1471",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-04T21:55:05.310",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/102661"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56644"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56655"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65241"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949"
},
{
"source": "cve@mitre.org",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-02-sql-injection-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/102661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-02-sql-injection-issue"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-05 15:15
Modified
2024-11-21 04:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "A3696F1E-CAFD-4281-A6C0-D6448D147C82",
"versionEndExcluding": "5.0.39",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2FEC0F6C-EEFF-4229-B6A7-6B62431122C2",
"versionEndExcluding": "6.0.24",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA369D7-345D-41D8-97B7-7A182F328F8A",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions."
},
{
"lang": "es",
"value": "Una Comprobaci\u00f3n Inapropiada de nombres de archivo con extensiones sumamente largas en PostMaster (enviando en correo electr\u00f3nico) o carga de archivos (por ejemplo, adjuntar archivos a correos) de ((OTRS)) Community Edition y OTRS, permite a un atacante remoto causar un bucle infinito. Este problema afecta a: OTRS AG: ((OTRS)) Community Edition versiones 5.0.x versi\u00f3n 5.0.38 y anteriores; versiones 6.0.x versi\u00f3n 6.0.23 y anteriores. OTRS AG: OTRS versiones 7.0.x versi\u00f3n 7.0.12 y anteriores."
}
],
"id": "CVE-2019-18180",
"lastModified": "2024-11-21T04:32:46.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-05T15:15:11.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-21 16:15
Modified
2024-11-21 01:54
Severity ?
Summary
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html | Broken Link | |
| cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.securityfocus.com/bid/60688/discuss | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/60688/discuss | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADB16D4-A0BF-4D62-9281-59DA1FE9C781",
"versionEndExcluding": "3.0.21",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82CDCF39-8358-4E04-9589-DE480A716AA3",
"versionEndExcluding": "3.1.17",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5F67FF-5B27-4A30-A68D-F2901F0AA4A5",
"versionEndExcluding": "3.2.8",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
},
{
"lang": "es",
"value": "El archivo Kernel/Modules/AgentTicketWatcher.pm en Open Ticket Request System (OTRS) versiones 3.0.x anteriores a 3.0.21, versiones 3.1.x anteriores a 3.1.17, y versiones 3.2.x anteriores a 3.2.8, no restringe apropiadamente los tickets, lo cual permite a atacantes remotos con un inicio de sesi\u00f3n de agente v\u00e1lido, leer tickets restringidos por medio de una URL dise\u00f1ada que implica el mecanismo de divisi\u00f3n de tickets."
}
],
"id": "CVE-2013-4088",
"lastModified": "2024-11-21T01:54:51.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-21T16:15:11.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/60688/discuss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2013-0196.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/60688/discuss"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-06 15:15
Modified
2024-11-21 06:13
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "3B2D503B-661B-43EC-9902-D0613A037AA4",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "336DCF0F-236B-46A0-A112-A201F9B6014D",
"versionEndExcluding": "7.0.29",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "48EBDE7F-60BB-4F61-9042-8FF68EF728A6",
"versionEndExcluding": "8.0.16",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
},
{
"lang": "es",
"value": "Unos Paquetes de Soporte Generados contienen claves privadas S/MIME y PGP si la carpeta que los contiene no est\u00e1 oculta. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versi\u00f3n 6.0.x, versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS versi\u00f3n 7.0.x, versi\u00f3n 7.0.28 y versiones anteriores; versi\u00f3n 8.0.x, versi\u00f3n 8.0.15 y versiones anteriores."
}
],
"id": "CVE-2021-36096",
"lastModified": "2024-11-21T06:13:09.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-06T15:15:07.203",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-10/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=4818 | Exploit | |
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=4818 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB30A898-A6EE-4845-A864-9A5D7A98C6FB",
"versionEndIncluding": "2.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client."
},
{
"lang": "es",
"value": "La caracter\u00edstica AgentTicketForward en Open Ticket Request System (OTRS) anteriores a v2.4.7 no elimina correctamente las im\u00e1genes incluidas en mensajes de correo electr\u00f3nico HTML, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible de la imagen en circunstancias oportunistas mediante la lectura de un mensaje enviado con un cliente de correo est\u00e1ndar."
}
],
"id": "CVE-2010-4766",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.673",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4818"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=4818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-08 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4066 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43853/ | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4066 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43853/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 4.0.1 | |
| otrs | otrs | 4.0.2 | |
| otrs | otrs | 4.0.3 | |
| otrs | otrs | 4.0.4 | |
| otrs | otrs | 4.0.5 | |
| otrs | otrs | 4.0.6 | |
| otrs | otrs | 4.0.7 | |
| otrs | otrs | 4.0.8 | |
| otrs | otrs | 4.0.9 | |
| otrs | otrs | 4.0.10 | |
| otrs | otrs | 4.0.11 | |
| otrs | otrs | 4.0.12 | |
| otrs | otrs | 4.0.13 | |
| otrs | otrs | 4.0.14 | |
| otrs | otrs | 4.0.15 | |
| otrs | otrs | 4.0.16 | |
| otrs | otrs | 4.0.17 | |
| otrs | otrs | 4.0.18 | |
| otrs | otrs | 4.0.19 | |
| otrs | otrs | 4.0.20 | |
| otrs | otrs | 4.0.21 | |
| otrs | otrs | 4.0.22 | |
| otrs | otrs | 4.0.23 | |
| otrs | otrs | 4.0.24 | |
| otrs | otrs | 4.0.25 | |
| otrs | otrs | 4.0.26 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.0 | |
| otrs | otrs | 5.0.1 | |
| otrs | otrs | 5.0.2 | |
| otrs | otrs | 5.0.3 | |
| otrs | otrs | 5.0.4 | |
| otrs | otrs | 5.0.5 | |
| otrs | otrs | 5.0.6 | |
| otrs | otrs | 5.0.7 | |
| otrs | otrs | 5.0.8 | |
| otrs | otrs | 5.0.9 | |
| otrs | otrs | 5.0.10 | |
| otrs | otrs | 5.0.11 | |
| otrs | otrs | 5.0.12 | |
| otrs | otrs | 5.0.13 | |
| otrs | otrs | 5.0.14 | |
| otrs | otrs | 5.0.15 | |
| otrs | otrs | 5.0.16 | |
| otrs | otrs | 5.0.17 | |
| otrs | otrs | 5.0.18 | |
| otrs | otrs | 5.0.19 | |
| otrs | otrs | 5.0.20 | |
| otrs | otrs | 5.0.21 | |
| otrs | otrs | 5.0.22 | |
| otrs | otrs | 5.0.23 | |
| otrs | otrs | 5.0.24 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.0 | |
| otrs | otrs | 6.0.1 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD316D98-1DC4-4DC7-A488-851E94CC5263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9B81FE-4BA6-46B5-B390-1B05CB33C648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E38191D-DD62-476D-BB4A-80094B0FFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875C5002-3E08-47A4-825C-282E6476507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE3222C-1C90-43D1-9E06-A9F867880900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6257D3-FD70-486D-B11A-77FE5904FFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6C894-111B-4432-B93B-989C8007CB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CADCDD21-3665-4460-845F-DE9851607673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB52A359-2564-4E8D-929A-5402D04CDED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE86BC8-E092-4436-B632-8D117980D242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12C2FF70-9B69-43FD-872D-8E6F1CD59634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2661294-7039-4C6A-8BFA-D790E93415C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B3DBFC-A962-44C3-810D-A9538E328E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51DFB908-1877-4C6F-BAFB-45B3B17CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0B96AE1B-9B8B-40D9-99AA-797859FA0EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2C427B-DC2B-41F7-B3FC-BF0D51706F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4648D-E3C7-4C5D-897C-CC27F8082AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "908263DC-2F85-4ED9-AF4A-884609B2A3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F64E91-CF0C-4C48-94F0-0474A3D484F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "974BFF95-01AC-454D-97CC-A82CA8823FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "654C711F-2C10-4E7A-BFFF-9AD911576CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF723BA-E772-48F8-8B45-753CD372DCEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DD7D5-EBB4-4E7F-8669-FA96FF9E6B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "906E3FE6-2516-474C-9F91-539A77E0085C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDBC4C4-2FCF-46DE-B5DF-60933563AB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:4.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "CA65E992-3401-4DE0-AB45-68D59063814F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E34A190-EFB8-4746-AECF-6309FE803A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "8F8B3028-82F5-4B21-81B9-408533C7F524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CA73A62B-BFA7-4793-96E6-BB832418A259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DE138E72-61A0-4495-86CE-4342B93049CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C473A55A-677C-4D0B-9C0D-D1B3857AE8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D977D160-7B24-4ADD-9818-4C93A9E7D865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "472ACCD4-1B3D-4468-B084-D4E98032FF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8838C987-53ED-4E05-99D1-57A56A899C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C00BB3-3349-4DB3-B753-B36B88E1B9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D567DC5-332F-4F95-BA0B-B076661AB14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8361E43E-9140-49DC-9F06-865BDFC3A60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00DF625C-C5B1-4B7F-BDB4-34F751093104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0124AD54-B58F-4D36-B45F-B836C321067F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8D36D023-BE8C-47EF-934E-4E808FA3C0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56D7CD3E-A98A-4FBD-B267-E69E1711B741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "08621604-0098-45F9-9684-85973F4C3058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2209CD7C-0539-4A36-B40A-D437F6926444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F821217-A3A1-4CAC-9904-80543FD17808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE3BC26-B6CE-4A47-87EE-ABF098D0D553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2B352C86-4538-4266-8FDE-AA8F4FD173AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E569B83B-4DDF-48FE-9143-57CE2D0EBA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A54B103C-3B32-4BD9-BE83-6E8B8D43F51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0052F432-313F-416F-A655-BB5E3E880915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "36E464C4-60E9-43C5-A42E-371B332C859B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0B011E9D-C067-4362-9181-EB568C59944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0FD254-B891-4911-9DBC-C55E67F13C4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE23C83-B4A3-4996-82A5-E19D6D43E0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA401F3-9ADF-4725-825F-7E94AF6589BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B91E306F-59EC-43AC-8208-38FBBB6D2989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0B0D2F-29F9-4648-BB4D-81A70E429872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5496643A-DCC8-472F-8BDB-D11A76E0B6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:5.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4256A6A4-A692-4709-98D4-B805E6078A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3ED863-6A35-4774-90BD-C7CEC377D5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "BF7F16FD-2DA4-4C52-8B43-724250EED343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "416C5325-B3B7-49C6-8CB9-C40965456A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EC9D448F-0BF4-4A8B-A845-503DEA6CA85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "3771FD9B-C1C4-42D2-AB37-ED177482BCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6E997CBD-3D10-4E08-9AA6-1A4DD5A5C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "3E6EDA86-F295-4DB6-83D7-A54886F39F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E4F8D76-ADD7-41F6-816F-43CED6AFB061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2491453A-3458-4D07-94A0-80A1AB8AF0DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user."
},
{
"lang": "es",
"value": "En OTRS en versiones 6.0.x hasta e incluyendo 6.0.1; OTRS 5.0.x hasta e incluyendo 5.0.24 y OTRS 4.0.x hasta e incluyendo 4.0.26, un atacante que haya iniciado sesi\u00f3n en OTRS como agente puede manipular los par\u00e1metros de formulario (relacionados con PGP) y ejecutar comandos shell arbitrarios con los permisos del usuario OTRS o del servidor web."
}
],
"id": "CVE-2017-16921",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-08T15:29:00.323",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43853/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43853/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=6131 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=6131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.0 | |
| otrs | otrs | 3.0.1 | |
| otrs | otrs | 3.0.2 | |
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 | |
| otrs | otrs | 2.3.2 | |
| otrs | otrs | 2.3.3 | |
| otrs | otrs | 2.3.4 | |
| otrs | otrs | 2.3.5 | |
| otrs | otrs | 2.3.6 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.0 | |
| otrs | otrs | 2.4.1 | |
| otrs | otrs | 2.4.2 | |
| otrs | otrs | 2.4.3 | |
| otrs | otrs | 2.4.4 | |
| otrs | otrs | 2.4.5 | |
| otrs | otrs | 2.4.6 | |
| otrs | otrs | 2.4.7 | |
| otrs | otrs | 2.4.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF16699-8830-4C39-B901-7A4A0A940803",
"versionEndIncluding": "2.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9999856-A8BD-43D3-88D4-FADEB44D0B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature."
},
{
"lang": "es",
"value": "Open Ticket Request System (OTRS) anteriores a v2.4.10, y v3.x anteriores a v3.0.3, no presente las advertencias sobre los mensajes entrantes de correo electr\u00f3nico cifrados que se basaron en claves PGP o GPG revocadas, lo que facilitar\u00eda a los atacantes remotos espiar correo electr\u00f3nico de mediante el aprovechamiento de una clave que tiene una firma de revocaci\u00f3n."
}
],
"id": "CVE-2010-4764",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.640",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6131"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-18 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.otrs.org/show_bug.cgi?id=3287 | ||
| cve@mitre.org | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.otrs.org/show_bug.cgi?id=3287 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs | * | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 0.5 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0 | |
| otrs | otrs | 1.0.0 | |
| otrs | otrs | 1.0.1 | |
| otrs | otrs | 1.0.2 | |
| otrs | otrs | 1.1 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.0 | |
| otrs | otrs | 1.1.1 | |
| otrs | otrs | 1.1.2 | |
| otrs | otrs | 1.1.3 | |
| otrs | otrs | 1.1.4 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.0 | |
| otrs | otrs | 1.2.1 | |
| otrs | otrs | 1.2.2 | |
| otrs | otrs | 1.2.3 | |
| otrs | otrs | 1.2.4 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.0 | |
| otrs | otrs | 1.3.1 | |
| otrs | otrs | 1.3.2 | |
| otrs | otrs | 1.3.3 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.0 | |
| otrs | otrs | 2.0.1 | |
| otrs | otrs | 2.0.2 | |
| otrs | otrs | 2.0.3 | |
| otrs | otrs | 2.0.4 | |
| otrs | otrs | 2.0.5 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.0 | |
| otrs | otrs | 2.1.1 | |
| otrs | otrs | 2.1.2 | |
| otrs | otrs | 2.1.3 | |
| otrs | otrs | 2.1.4 | |
| otrs | otrs | 2.1.5 | |
| otrs | otrs | 2.1.6 | |
| otrs | otrs | 2.1.7 | |
| otrs | otrs | 2.1.8 | |
| otrs | otrs | 2.1.9 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.0 | |
| otrs | otrs | 2.2.1 | |
| otrs | otrs | 2.2.2 | |
| otrs | otrs | 2.2.3 | |
| otrs | otrs | 2.2.4 | |
| otrs | otrs | 2.2.5 | |
| otrs | otrs | 2.2.6 | |
| otrs | otrs | 2.2.7 | |
| otrs | otrs | 2.2.8 | |
| otrs | otrs | 2.2.9 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.0 | |
| otrs | otrs | 2.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26177B71-DCF7-46C7-AA3C-6E13F1721309",
"versionEndIncluding": "2.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF62E279-212F-40B4-B2B3-429D6A6164BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEFC32-3880-4CEA-9AD1-B1669A3CACE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A9CD5E-655A-423B-805B-8953122D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCF69B-4DB6-423E-BCE9-7CAEA74B1568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9307C840-9EEE-4A23-8FAF-258D683E14A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F2752-5D88-4007-96C8-DFA1697B0AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29823A84-ACC0-410F-B2A5-C659C8F06625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2BC10A3E-F32A-4A16-BDD2-930ADB973693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1D368E58-79AD-4C55-B867-A75FF3F98DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8AAF73C6-FCCE-43C7-BD67-F8CFC4EA3A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09EF0162-5102-4F95-82CF-DF541B50858D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) anteriores a v2.3.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con (1) AgentTicketMailbox or (2) CustomerTicketOverView."
}
],
"id": "CVE-2008-7275",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-18T16:55:01.347",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3287"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-07 16:15
Modified
2024-11-21 05:11
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Summary
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F33A5BA-898D-4FF8-BC4D-D910131698BE",
"versionEndIncluding": "7.0.14",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions."
},
{
"lang": "es",
"value": "El sistema frontend externo usa numerosas llamadas en segundo plano al backend. Cada petici\u00f3n en segundo plano es tratada como actividad del usuario, por lo que la SessionMaxIdleTime no ser\u00e1 alcanzada. Este problema afecta a: OTRS versiones 7.0.x, versi\u00f3n 7.0.14 y versiones anteriores."
}
],
"id": "CVE-2020-1768",
"lastModified": "2024-11-21T05:11:20.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-07T16:15:11.113",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-03 19:29
Modified
2024-11-21 04:52
Severity ?
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5439FA8C-BDA4-4B70-ABDF-3ACABC4FC73E",
"versionEndExcluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Open Ticket Request System (OTRS) 7.x anterior de la versi\u00f3n 7.0.5. Un atacante que haya iniciado sesi\u00f3n en OTRS como agente o usuario cliente puede usar las pantallas de resultados de b\u00fasqueda para revelar informaci\u00f3n de entidades del sistema no v\u00e1lidas. A continuaci\u00f3n se muestra la lista de entidades afectadas: P\u00e1ginas personalizadas, Art\u00edculos de preguntas frecuentes, Elementos del cat\u00e1logo de servicios, Elementos de configuraci\u00f3n de ITSM"
}
],
"id": "CVE-2019-9753",
"lastModified": "2024-11-21T04:52:14.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-03T19:29:03.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-17 09:15
Modified
2024-11-21 07:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A",
"versionEndIncluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "356B7CBB-2B85-40FB-B348-A2C8A0DC26F0",
"versionEndExcluding": "7.0.39",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D95AE5E-716F-4AEC-B3F9-11C15D26410A",
"versionEndExcluding": "8.0.26",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system"
},
{
"lang": "es",
"value": "Un atacante externo es capaz de enviar un correo electr\u00f3nico especialmente dise\u00f1ado (con muchos destinatarios) y desencadenar un potencial DoS del sistema"
}
],
"id": "CVE-2022-39052",
"lastModified": "2024-11-21T07:17:27.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-17T09:15:12.310",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 09:15
Modified
2024-11-21 08:41
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the
SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate
satisfies all necessary security requirements.
This could allow an
attacker to use an invalid certificate to claim to be a trusted host,
use expired certificates, or conduct other attacks that could be
detected if the certificate is properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F",
"versionEndExcluding": "7.0.47",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1",
"versionEndExcluding": "8.0.37",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "Las funciones para recuperar correos electr\u00f3nicos a trav\u00e9s de POP3 o IMAP, as\u00ed como enviar correos electr\u00f3nicos a trav\u00e9s de SMTP, utilizan OpenSSL para comunicaciones basadas en SSL o TLS est\u00e1ticas. Como no se utiliza la funci\u00f3n SSL_get_verify_result(), el certificado siempre es confiable y no se puede garantizar que el certificado cumpla con todos los requisitos de seguridad necesarios. Esto podr\u00eda permitir a un atacante utilizar un certificado no v\u00e1lido para afirmar que es un host confiable, utilizar certificados caducados o realizar otros ataques que podr\u00edan detectarse si el certificado se valida correctamente. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde 6.0.X hasta 6.0.34."
}
],
"id": "CVE-2023-5422",
"lastModified": "2024-11-21T08:41:44.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:12.013",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-06 14:15
Modified
2024-11-21 06:13
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "3B2D503B-661B-43EC-9902-D0613A037AA4",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"matchCriteriaId": "336DCF0F-236B-46A0-A112-A201F9B6014D",
"versionEndExcluding": "7.0.29",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions."
},
{
"lang": "es",
"value": "Es posible dise\u00f1ar una petici\u00f3n para la pantalla de edici\u00f3n de citas, lo que podr\u00eda conllevar a un ataque de tipo XSS. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versi\u00f3n 6.0.x, versi\u00f3n 6.0.1 y versiones posteriores. OTRS AG OTRS versi\u00f3n 7.0.x, versi\u00f3n 7.0.28 y versiones anteriores."
}
],
"id": "CVE-2021-36094",
"lastModified": "2024-11-21T06:13:08.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-06T14:15:07.257",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-17/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-17/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-10 15:15
Modified
2024-11-21 05:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html | Mailing List, Third Party Advisory | |
| security@otrs.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2020-03/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://otrs.com/release-notes/otrs-security-advisory-2020-03/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "69D1FDA1-32D6-4793-AB1D-ED9F0A17939F",
"versionEndIncluding": "6.0.24",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D86D6CD7-52CC-47B5-8075-462D4A3099FC",
"versionEndIncluding": "7.0.13",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."
},
{
"lang": "es",
"value": "Agent A es capaz de guardar un borrador (es decir, para la respuesta del cliente). Luego, Agent B puede abrir el borrador, cambiar el texto por completo y enviarlo a nombre del Agente A. Para el cliente, no ser\u00e1 visible que el mensaje fue enviado por otro agente. Este problema afecta a: ((OTRS)) Community Edition versiones 6.0.x versi\u00f3n 6.0.24 y anteriores. OTRS versiones 7.0.x versi\u00f3n 7.0.13 y anteriores."
}
],
"id": "CVE-2020-1767",
"lastModified": "2024-11-21T05:11:20.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-10T15:15:12.160",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"source": "security@otrs.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security@otrs.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-17 18:15
Modified
2024-11-21 04:22
Severity ?
Summary
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| cve@mitre.org | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.otrs.com/category/release-and-security-notes-en/ | Release Notes, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "92CBFC5A-5DBE-40B4-BC25-84E50DBF8799",
"versionEndIncluding": "5.0.36",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "7797BAF4-EBCD-49B4-B5BC-E19B6EEE5DF9",
"versionEndIncluding": "6.0.19",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2BD494BE-3E2E-4377-9683-8889F9FC66CA",
"versionEndIncluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.7, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. Un atacante podr\u00eda enviar un correo electr\u00f3nico malicioso a un sistema OTRS. Si un usuario de agente registrado lo cita, el correo electr\u00f3nico podr\u00eda hacer que el navegador cargue recursos de imagen externos."
}
],
"id": "CVE-2019-12248",
"lastModified": "2024-11-21T04:22:28.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-17T18:15:10.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.otrs.com/category/release-and-security-notes-en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-29 10:15
Modified
2024-11-21 08:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E47E75A-C9A9-40EE-A5DE-B4CDD98E7B7F",
"versionEndExcluding": "7.0.49",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9B2075-4C3E-48C9-96DA-655E4F29325A",
"versionEndExcluding": "2024.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "Al agregar archivos adjuntos a los comentarios del ticket, otro usuario puede agregar archivos adjuntos y hacerse pasar por el usuario original. El ataque requiere que otro usuario que haya iniciado sesi\u00f3n conozca el UUID. Mientras el usuario leg\u00edtimo completa el comentario, el usuario malintencionado puede agregar m\u00e1s archivos al comentario. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.48, desde 8.0.X hasta 8.0.37, desde 2023.X hasta 2023.1.1."
}
],
"id": "CVE-2024-23792",
"lastModified": "2024-11-21T08:58:25.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T10:15:08.683",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
jvndb-2011-000019
Vulnerability from jvndb
Published
2011-03-07 18:19
Modified
2011-03-07 18:19
Summary
OTRS vulnerable to OS command injection
Details
OTRS contains an OS command injection vulnerability.
OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000019.html",
"dc:date": "2011-03-07T18:19+09:00",
"dcterms:issued": "2011-03-07T18:19+09:00",
"dcterms:modified": "2011-03-07T18:19+09:00",
"description": "OTRS contains an OS command injection vulnerability.\r\n\r\nOTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000019.html",
"sec:cpe": {
"#text": "cpe:/a:otrs:otrs",
"@product": "OTRS",
"@vendor": "OTRS",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000019",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73162541/index.html",
"@id": "JVN#73162541",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0456",
"@id": "CVE-2011-0456",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0456",
"@id": "CVE-2011-0456",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "OTRS vulnerable to OS command injection"
}