CVE-2018-16586 — Open Ticket Request System vulnerability

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 31.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Open Ticket Request System Debian Otrs2 Debian Linux

Timeline

PublishedSep 28

Latest updateMay 13

Description

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDotrs/open_ticket_request_system4.0.0 — 4.0.32+2

▶debiandebian/otrs2< otrs2 6.0.11-1 (bullseye)

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: community.otrs.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-x292-mprx-3fmj: In Open Ticket Request System (OTRS) 4↗2022-05-13

▶

OSV

CVE-2018-16586: In Open Ticket Request System (OTRS) 4↗2018-09-28

▶

📋Vendor Advisories

Debian

CVE-2018-16586: otrs2 - In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, a...↗2018

▶