CVE-2022-32739
published 2022-06-13CVE-2022-32739: When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
PriorityP424medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.73%
49.7th percentile
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs | calendar_resource_planning | >= 7.0.0 < 7.0.31 | 7.0.31 |
| otrs | calendar_resource_planning | >= 8.0.0 < 8.0.23 | 8.0.23 |
| otrs | otrs | >= 7.0.0 < 7.0.35 | 7.0.35 |
| otrs | otrs | >= 8.0.0 < 8.0.23 | 8.0.23 |
| otrs_ag | otrs | 7.0.x – 7.0.34 | — |
| otrs_ag | otrs | 8.0.x – 8.0.22 | — |
| otrs_ag | otrscalendarresourceplanning | 7.0.x – 7.0.30 | — |
| otrs_ag | otrscalendarresourceplanning | 8.0.x – 8.0.20 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pw8m-gw6h-hj2v: When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS releas
ghsa_unreviewed·2022-06-14
CVE-2022-32739 [MEDIUM] GHSA-pw8m-gw6h-hj2v: When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS releas
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
OSV
CVE-2022-32739: When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS releas
osv·2022-06-13·CVSS 5.3
CVE-2022-32739 [MEDIUM] CVE-2022-32739: When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS releas
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-13
Published