Lucene search

K

MitreCVELIST:CVE-2019-13458

HistoryAug 21, 2019 - 12:00 a.m.

CVE-2019-13458

2019-08-2100:00:00

mitre

www.cve.org

6

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

72.0%

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/

lists.debian.org/debian-lts-announce/2019/08/msg00018.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

www.otrs.com/category/release-and-security-notes-en/

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

72.0%

Related for CVELIST:CVE-2019-13458

osv3 prion1 debiancve1 nvd1 cve1 openvas5 ubuntucve1 debian2 nessus4 suse3