Vulnerability Details : CVE-2019-18180
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
Products affected by CVE-2019-18180
- cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
- cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18180
1.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18180
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
MITRE | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2019-18180
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18180
-
https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
Security Advisory 2019-15: Security Update for OTRS Framework - | community.otrs.comPatch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
[security-announce] openSUSE-SU-2020:0551-1: moderate: Recommended updatBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
[security-announce] openSUSE-SU-2020:1475-1: moderate: Recommended updatBroken Link
-
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
[SECURITY] [DLA 3551-1] otrs2 security update
-
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
[security-announce] openSUSE-SU-2020:1509-1: moderate: Recommended updatBroken Link
Jump to