CVE-2019-10065 : An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6.

An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.

Published 2020-03-10 13:15:12

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-10065

Otrs » Otrs
Versions from including (>=) 7.0.0 and up to, including, (<=) 7.0.6
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-10065

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-10065

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-10065

https://otrs.com/release-notes/otrs-security-advisory-2019-07/

OTRS Security Advisory 2019-07 | OTRS
Vendor Advisory
https://community.otrs.com/category/release-and-security-notes-en/

Release Notes | ((OTRS)) Community Edition
Release Notes;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-10065

Products affected by CVE-2019-10065

Exploit prediction scoring system (EPSS) score for CVE-2019-10065

CVSS scores for CVE-2019-10065

References for CVE-2019-10065