otrs (SUSE:Package Hub 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 package otrs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2020-1773 — CVSS 7.3 (high): An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting…
CVE-2019-13458 — CVSS 6.5 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x…
CVE-2020-1772 — CVSS 6.5 (medium): It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s)…
CVE-2019-12746 — CVSS 6.5 (medium): An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged…
CVE-2019-9892 — CVSS 6.5 (medium): An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who…
CVE-2019-9752 — CVSS 5.4 (medium): An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is…
CVE-2019-16375 — CVSS 5.4 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x…
CVE-2019-10067 — CVSS 5.4 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through…
CVE-2019-18180 — CVSS 5.3 (medium): Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to…
CVE-2019-12497 — CVSS 5.3 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community…
CVE-2020-1771 — CVSS 4.6 (medium): Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link…
CVE-2019-18179 — CVSS 4.3 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x…
CVE-2019-12248 — CVSS 4.3 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community…
CVE-2019-13457 — CVSS 4.3 (medium): An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose…
CVE-2020-1769 — CVSS 3.5 (low): In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as…
CVE-2020-1765 — CVSS 3.5 (low): An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward…
CVE-2020-1770 — CVSS 2.4 (low): Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS))…
CVE-2020-1766 — CVSS 2.0 (low): Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute…