Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2019-13458
HistoryAug 21, 2019 - 2:15 p.m.

CVE-2019-13458

2019-08-2114:15:10
Debian Security Bug Tracker
security-tracker.debian.org
14

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

72.0%

JSON

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.

OSVersionArchitecturePackageVersionFilename
Debian11allotrs2< 6.0.20-1otrs2_6.0.20-1_all.deb

Related

osv 3
prion 1
nvd 1
cve 1
openvas 5
ubuntucve 1
cvelist 1
debian 2
nessus 4
suse 3
osv
osv
CVE-2019-13458
2019-08-21 14:15:10
otrs2 - security update
2019-08-12 00:00:00
otrs2 - security update
2023-08-31 00:00:00
prion
prion
Design/Logic Flaw
2019-08-21 14:15:00
nvd
nvd
CVE-2019-13458
2019-08-21 14:15:10
cve
cve
CVE-2019-13458
2019-08-21 14:15:10
openvas
openvas
OTRS 5.0.x < 5.0.37, 6.0.x < 6.0.20, 7.0.x < 7.0.9 Information Disclosure Vulnerability
2019-08-22 00:00:00
Debian: Security Advisory (DLA-1877-1)
2019-08-15 00:00:00
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0551-1)
2020-04-26 00:00:00
ubuntucve
ubuntucve
CVE-2019-13458
2019-08-21 00:00:00
cvelist
cvelist
CVE-2019-13458
2019-08-21 00:00:00
debian
debian
[SECURITY] [DLA 1877-1] otrs2 security update
2019-08-14 11:55:11
[SECURITY] [DLA 3551-1] otrs2 security update
2023-08-31 00:20:25
nessus
nessus
Debian DLA-1877-1 : otrs2 security update
2019-08-20 00:00:00
openSUSE Security Update : otrs (openSUSE-2020-551)
2020-04-28 00:00:00
openSUSE Security Update : otrs (openSUSE-2020-1475)
2020-09-23 00:00:00
suse
suse
Recommended update for otrs (moderate)
2020-04-25 00:00:00
Recommended update for otrs (moderate)
2020-09-23 00:00:00
Recommended update for otrs (moderate)
2020-09-20 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

72.0%

JSON
Related for DEBIANCVE:CVE-2019-13458
osv3prion1nvd1cve1openvas5ubuntucve1cvelist1debian2nessus4suse3