CVE-2019-10065

An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://community.otrs.com/category/release-and-security-notes-en/	Release Notes Vendor Advisory
https://otrs.com/release-notes/otrs-security-advisory-2019-07/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-10 13:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-10065

Mitre link : CVE-2019-10065

CVE.ORG link : CVE-2019-10065

JSON object : View

Products Affected

otrs

otrs

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-10065", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-03-10T13:15:12.423", "references": [{"url": "https://community.otrs.com/category/release-and-security-notes-en/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Open Ticket Request System (OTRS) versiones 7.0 hasta la versi\u00f3n 7.0.6. Un atacante que est\u00e1 registrado en OTRS como un usuario cliente puede usar unas pantallas de resultados de b\u00fasqueda para divulgar informaci\u00f3n de los art\u00edculos internos de las FAQ, una vulnerabilidad diferente de CVE-2019-9753."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C68C6B27-26D4-453E-9142-3C193A4A530E", "versionEndIncluding": "7.0.6", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}