PT-2018-12603 · Otrs+1 · Otrs+1

Francesco Sirocco

Published

2018-08-03

Updated

2019-10-03

CVE-2018-14593

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 4.0.x through 4.0.30 Open Ticket Request System (OTRS) versions 5.0.x through 5.0.28 Open Ticket Request System (OTRS) versions 6.0.x through 6.0.9

Description An issue was discovered that allows an attacker who is logged in as an agent to escalate their privileges by accessing a specially crafted URL.

Recommendations For versions 4.0.x through 4.0.30, update to a version that contains a fix for this issue. For versions 5.0.x through 5.0.28, update to a version that contains a fix for this issue. For versions 6.0.x through 6.0.9, update to a version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-14593

DLA-1473-1

DSA-4317-1

OPENSUSE-SU-2018_3005-1

Affected Products

Otrs

Suse

PT-2018-12603 · Otrs+1 · Otrs+1

CVE-2018-14593

Related Identifiers

Affected Products

References · 13