Vulnerability Details : CVE-2019-13458
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
Products affected by CVE-2019-13458
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
- Otrs » Otrs » Community EditionVersions from including (>=) 6.0.0 and up to, including, (<=) 6.0.19cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
- Otrs » Otrs » Community EditionVersions from including (>=) 5.0.0 and up to, including, (<=) 5.0.36cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13458
0.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13458
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
2.7
|
LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
1.2
|
1.4
|
MITRE | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2019-13458
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
[security-announce] openSUSE-SU-2020:0551-1: moderate: Recommended updatBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
[security-announce] openSUSE-SU-2020:1475-1: moderate: Recommended updatBroken Link
-
https://www.otrs.com/category/release-and-security-notes-en/
Release and Security Notes Archive | community.otrs.comRelease Notes
-
https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
Security Advisory 2019-12: Security Update for OTRS Framework - | community.otrs.comPatch;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html
[SECURITY] [DLA 1877-1] otrs2 security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
[SECURITY] [DLA 3551-1] otrs2 security update
-
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
[security-announce] openSUSE-SU-2020:1509-1: moderate: Recommended updatBroken Link
Jump to