CVE-2018-14593

high

Description

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.

References

https://www.debian.org/security/2018/dsa-4317

https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html

https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de

Details

Source: Mitre, NVD

Published: 2018-08-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High