CVE-2019-9892
MEDIUM6.5EPSS 0.43%otrs2 - security update
Published: 5/22/2019Modified: 4/28/2026
Also known as:DEBIAN-CVE-2019-9892
Description
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
Affected packages (2)
- Debian/otrs2from 0, < 6.0.18-1
- Debian/otrs2from 0, < 3.3.18-1+deb8u9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |