CVE-2019-9753
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.
Se descubrió un problema en Open Ticket Request System (OTRS) 7.x anterior de la versión 7.0.5. Un atacante que haya iniciado sesión en OTRS como agente o usuario cliente puede usar las pantallas de resultados de búsqueda para revelar información de entidades del sistema no válidas. A continuación se muestra la lista de entidades afectadas: Páginas personalizadas, Artículos de preguntas frecuentes, Elementos del catálogo de servicios, Elementos de configuración de ITSM
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-13 CVE Reserved
- 2019-06-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 7.0.0 < 7.0.5 Search vendor "Otrs" for product "Otrs" and version " >= 7.0.0 < 7.0.5" | - |
Affected
| ||||||