QwikSec

Security Database

CVE

CWE

Training

CVE-2020-1765

Published: Jan 10, 2020

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

3.5

LOW

Description

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

Vendor	Product	Versions
OTRS AG	((OTRS)) Community Edition	affected `5.0.x version 5.0.39 and prior versions` affected `6.0.x version 6.0.24 and prior versions`
OTRS AG	OTRS	affected `7.0.x version 7.0.13 and prior versions`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://otrs.com/release-notes/otrs-security-advisory-2020-01/

[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update

mailing-list

openSUSE-SU-2020:0551

vendor-advisory

openSUSE-SU-2020:1475

vendor-advisory

openSUSE-SU-2020:1509

vendor-advisory

[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.