CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10067
https://notcve.org/view.php?id=CVE-2019-10067
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. Se encontró un problema en Open Ticket Request System (OTRS) versión 7.x hasta 7.0.6 y en Community Edition versión versión 5.0.x hasta 5.0.35 y versión 6.0.x hasta 6.0.17. Un atacante logeado en OTRS como un agente de usuario con los permisos apropiados puede manipular la URL para provocar la ejecución de JavaScript en el contexto de OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-9752
https://notcve.org/view.php?id=CVE-2019-9752
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 5.x anteriores a la 5.0.34, CVErsiones 6.x anteriores a la 6.0.16 y CVErsiones 7.x anteriores a la 7.0.4. Un atacante que haya iniciado sesión en OTRS como usuario agente o cliente podría subir un recurso manipulado para provocar la ejecución de JavaScript en el contexto de OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2018-7567 – OTRS Command Injection
https://notcve.org/view.php?id=CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary. ** EN DISPUTA ** En el Admin Package Manager en Open Ticket Request System (OTRS) 5.0.0 hasta 5.0.24 y 6.0.0 hasta 6.0.1, los administradores autenticados pueden explotar una vulnerabilidad de ejecución remota de código ciega cargando un archivo opm manipulado mediante un elemento CodeInstall para ejecutar un comando en el servidor mediante la instalación de paquetes. NOTA: el fabricante discute este problema argumentando que "el comportamiento se ha diseñado así y es necesario para que diferentes paquetes sean instalados", "hay una advertencia de seguridad si el paquete no está verificado por OTRS Group" y "es posible y la responsabilidad de un administrador comprobar los paquetes antes de instalarlos, lo que es posible porque no son binarios". OTRS versions 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1 suffer from remote code execution vulnerabilities. • https://0day.today/exploit/29938 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-17476
https://notcve.org/view.php?id=CVE-2017-17476
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. Open Ticket Request System (OTRS) en versiones 4.0.x anteriores a la 4.0.28, 5.0.x anteriores a la 5.0.26 y 6.0.x anteriores a la 6.0.3, cuando el soporte de cookies está desactivado, podría permitir a los atacantes remotos secuestrar las sesiones web y ganar privilegios en consecuencia mediante un email manipulado. • https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html https://www.debian.org/security/2017/dsa-4069 https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-16854
https://notcve.org/view.php?id=CVE-2017-16854
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. En Open Ticket Request System (OTRS) hasta la versión 3.3.20; en las versiones 4 hasta la 4.0.26; en las versiones 5 hasta la 5.0.24 y en las versiones 6 hasta la 6.0.1, un atacante que ha iniciado sesión como cliente puede emplear el formulario de búsqueda de tickets para revelar información interna de artículos de sus tickets de cliente. • https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html https://www.debian.org/security/2017/dsa-4066 https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •