CVE Vulnerabilities

CVE-2018-14593

Published: Aug 04, 2018 | Modified: Oct 03, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.

Affected Software

Name Vendor Start Version End Version
Open_ticket_request_system Otrs 4.0.0 4.0.30
Open_ticket_request_system Otrs 5.0.0 5.0.28
Open_ticket_request_system Otrs 6.0.0 6.0.9

References