CVE-2020-1768
Published 2020-02-07
Priority P427 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
EPSS: 0.75% (50.2th percentile)
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | — | — |
| otrs | otrs | 7.0.0 – 7.0.14 | — |
| otrs_ag | otrs | 7.0.x – 7.0.14 | — |
CVSS provenance
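| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P |
| osv | | 5.4 | MEDIUM | |
| vendor_debian | | 5.4 | LOW | |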
GHSA
GHSA-chcp-v68p-g2px: The external frontend system uses numerous background calls to the backend
ghsa_unreviewed·2022-05-24
OSV
CVE-2020-1768: The external frontend system uses numerous background calls to the backend
osv·2020-02-07·CVSS 5.4
Debian
CVE-2020-1768: otrs2 - The external frontend system uses numerous background calls to the backend. Each...
vendor_debian·2020·CVSS 5.4
Scope: local
bullseye: resolved