Skip to main content

Otrs CVE-2019-9753

MEDIUM
Information Exposure (CWE-200)
2019-06-03 cve@mitre.org
4.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 03, 2019 - 19:29 nvd
MEDIUM 4.3

DescriptionNVD

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.

AnalysisAI

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items. Affected products include: Otrs. Version information: before 7.0.5..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Otrs

View all
CVE-2017-16921 HIGH POC
8.8 Dec 08

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.2

CVE-2018-7567 HIGH POC
7.2 Mar 04

In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenti

CVE-2014-1694 MEDIUM POC
6.8 Feb 04

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm,

CVE-2017-9299 MEDIUM POC
6.1 May 29

Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS]

CVE-2024-23790 CRITICAL
9.8 Jan 29

Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to

CVE-2022-4427 CRITICAL
9.8 Dec 19

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via Tic

CVE-2012-4751 MEDIUM POC
4.3 Oct 22

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x befor

CVE-2026-48188 CRITICAL
9.1 Jun 01

Unauthenticated SQL injection in OTRS and the legacy ((OTRS)) Community Edition database layer enables authentication by

CVE-2023-5422 CRITICAL
9.1 Oct 16

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS base

CVE-2017-9324 HIGH
8.8 Jun 12

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with

CVE-2017-16664 HIGH
8.8 Nov 21

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26

CVE-2014-1695 MEDIUM POC
4.3 Mar 01

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15,

Share

CVE-2019-9753 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy