CVSS: 4.9EPSS: 0%CPEs: 95EXPL: 0CVE-2010-4765
https://notcve.org/view.php?id=CVE-2010-4765
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. Condición de carrera en el método Kernel::System::Main::FileWrite en Open Ticket Request System (OTRS) anterior a v2.4.8 permite a usuarios remotos autenticados corromper los datos en TicketCounter.log en circunstancias oportunistas mediante la creación de tickets. • http://bugs.otrs.org/show_bug.cgi?id=4936 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 1.9EPSS: 0%CPEs: 107EXPL: 1CVE-2010-4758
https://notcve.org/view.php?id=CVE-2010-4758
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. installer.pl en Open Ticket Request System (OTRS) anterior a v3.0.3 tiene un campo Inbound Mail Password que utiliza texto claro, en lugar de el tipo password, por su elemento INPUT, lo que hace que sea más fácil para los atacantes físicamente próximos a obtener la contraseña mediante la lectura de la pantalla del equipo. • http://bugs.otrs.org/show_bug.cgi?id=6302 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 • CWE-310: Cryptographic Issues •
CVSS: 4.0EPSS: 0%CPEs: 104EXPL: 0CVE-2010-4759
https://notcve.org/view.php?id=CVE-2010-4759
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search. Open Ticket Request System (OTRS) anteriores a v3.0.0-beta7 no restringen correctamente la fecha de los tickets que se encuentran dentro del ámbito de una búsqueda, lo que permite a usuarios remotos autenticados causar una denegación de servicio (cuelgue del demonio) a través de una búsqueda de texto completo. • http://bugs.otrs.org/show_bug.cgi?id=1639 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 103EXPL: 0CVE-2010-4760
https://notcve.org/view.php?id=CVE-2010-4760
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. Open Ticket Request System (OTRS) anteriores a v3.0.0-beta6 adiciona los email-notification-ext a los tickets durante el procesamiento de las notificaciones basadas en eventos, que permite a usuarios remotos autenticados para obtener información sensible mediante la lectura de un ticket. • http://bugs.otrs.org/show_bug.cgi?id=5975 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 100EXPL: 0CVE-2010-4761
https://notcve.org/view.php?id=CVE-2010-4761
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog. El cuadro de diálogo de interfaz de cliente de impresión de tickets en Open Ticket Request System (OTRS) anterior a v3.0.0-beta3 no restringe de forma correcta los datos visibles del cliente, lo que permite a usuarios remotos autenticados obtener información sensible de los campos (1) responsible, (2) owner, (3) accounted time, (4) pending until, y (5) lock mediante la lectura de este cuadro de diálogo. • http://bugs.otrs.org/show_bug.cgi?id=5875 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 • CWE-264: Permissions, Privileges, and Access Controls •