CVE-2018-14593 - An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.

CVE-2018-14593

Summary

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.

References

Vulnerable Configurations

cpe:2.3:a:otrs:open_ticket_request_system:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:open_ticket_request_system:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

confirm	https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de
debian	DSA-4317
mlist	[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update

Last major update

03-10-2019 - 00:03

Published

04-08-2018 - 01:29

Last modified

03-10-2019 - 00:03