6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
6.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
The file upload feature in OTRS and ((OTRS)) Community Edition has a path
traversal vulnerability. This issue permits authenticated agents or
customer users to upload potentially harmful files to directories
accessible by the web server, potentially leading to the execution of local
code like Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49,
8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition:
from 6.0.1 through 6.0.34.
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
6.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%