Page 14 of 149 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-1765 – Spoofing of From field in several screens

https://notcve.org/view.php?id=CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. Un control inapropiado de los parámetros permite la suplantación de los campos de las siguientes pantallas: AgentTicketCompose, AgentTicketForward, AgentTicketBounce y AgentTicketEmailOutbound. Este problema afecta a: ((OTRS)) Community Edition versiones 5.0.x versión 5.0.39 y anteriores; versiones 6.0.x versión 6.0.24 y anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2020-01 • CWE-472: External Control of Assumed-Immutable Web Parameter •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2019-18179

https://notcve.org/view.php?id=CVE-2019-18179

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. Se descubrió un problema en Open Ticket Request System (OTRS) versiones 7.0.x hasta la versión 7.0.12, y Community Edition versiones 5.0.x hasta 5.0.38 y 6.0.x hasta 6.0.23. Un atacante que ha iniciado sesión en OTRS como un agente es capaz de enumerar los tickets asignados a otros agentes, inclusive los tickets en una cola donde el atacante no tiene permisos. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2019-18180 – Denial of service

https://notcve.org/view.php?id=CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions. Una Comprobación Inapropiada de nombres de archivo con extensiones sumamente largas en PostMaster (enviando en correo electrónico) o carga de archivos (por ejemplo, adjuntar archivos a correos) de ((OTRS)) Community Edition y OTRS, permite a un atacante remoto causar un bucle infinito. Este problema afecta a: OTRS AG: ((OTRS)) Community Edition versiones 5.0.x versión 5.0.38 y anteriores; versiones 6.0.x versión 6.0.23 y anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 1%CPEs: 14EXPL: 0

CVE-2013-2625

https://notcve.org/view.php?id=CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified Existe un problema de Omisión de Acceso en OTRS Help Desk versiones anteriores a la versión 3.2.4, 3.1.14 y 3.0.19, OTRS ITSM versiones anteriores a la versión 3.2.3, 3.1.8 y 3.0.7, y FAQ versiones anteriores a la versión 2.2.3, 2.1.4, y 2.0.8. Los derechos de acceso por el mecanismo de enlace de objetos no son comprobados. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html http://www.securityfocus.com/bid/58936 https://exchange.xforce.ibmcloud.com/vulnerabilities/83287 https://security-tracker.debian.org/tracker/CVE-2013-2625 • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2019-12746

https://notcve.org/view.php?id=CVE-2019-12746

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user. Se descubrió un problema en el Open Ticket Request System (OTRS) Community Edition 5.0.x hasta 5.0.36 y 6.0.x hasta 6.0.19. Un usuario que inició sesión en OTRS como agente podría revelar sin saberlo su ID de sesión al compartir el enlace de un artículo de ticket incrustado con terceros. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://www.otrs.com/category/release-and-security-notes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •