CVE-2019-9892
MEDIUM6.5EPSS 0.43%otrs2 - security update
發布日:2019/5/22修改日:2026/4/28
也稱為:DEBIAN-CVE-2019-9892
描述
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
受影響套件(2)
- Debian/otrs2from 0, < 6.0.18-1
- Debian/otrs2from 0, < 3.3.18-1+deb8u9
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |