Low Severity
CVSS Score:3.3
CVSS Base Vector:
AV:N/AC:L/Au:M/C:P/I:N/A:N
Detection Type:
Remote Banner Unreliable
Solution Type:
Vendor Patch
Summary:
OTRS is prone to an information disclosure vulnerability.
Detection Method:
Checks if a vulnerable version is present on the target host.
Technical Details:
An attacker who is logged into OTRS as an agent user with
appropriate permissions can leverage OTRS tags in templates in order to disclose hashed user passwords.
Affected Versions:
OTRS 5.0.x through 5.0.36, 6.0.x through 6.0.19 and 7.0.x through 7.0.8.
Recommendations:
Update to version 5.0.37, 6.0.20, 7.0.9 or later.
Web application abuses
Creation Time:2019-08-22 09:07:11
Modification Time:2019-08-22 09:32:29
Find and Fix this Vulnerability:Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition
NVD CVE ID:
Debian Security Advisory DSA 4545-1 (mediawiki - security update)
Debian LTS Advisory ([SECURITY] [DLA 1966-1] aspell security update)
Debian LTS Advisory ([SECURITY] [DLA 1965-1] nfs-utils security update)
Apache HTTP Server Memory Access Vulnerability (Windows)
Apache HTTP Server Memory Access Vulnerability (Linux)
Apache HTTP Server Multiple Vulnerabilities (Windows)
Apache HTTP Server Multiple Vulnerabilities (Linux)
Apache HTTP Server Stack Overflow Vulnerability (Windows)
Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage your vulnerabilities.