The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OTRS Help Desk

computer vulnerability announce CVE-2019-9751

OTRS Help Desk: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: OTRS Help Desk.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 08/03/2019.
Identifiers: CVE-2019-9751, OSA-2019-02, VIGILANCE-VUL-28697.

Description of the vulnerability

The OTRS Help Desk product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2019-9752

OTRS Help Desk: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/01/2019.
Identifiers: CVE-2019-9752, DLA-1721-1, OSA-2019-01, VIGILANCE-VUL-28308.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-19141

OTRS Help Desk: Cross Site Scripting via Admin User

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Admin User of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, openSUSE Leap, OTRS Help Desk, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 09/11/2018.
Identifiers: CVE-2018-19141, DLA-1592-1, openSUSE-SU-2018:4046-1, OSA-2018-09, OSA-2018-10, VIGILANCE-VUL-27747.

Description of the vulnerability

The OTRS Help Desk product offers a web service.

However, it does not filter data received via Admin User before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Admin User of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-19142

OTRS Help Desk: Cross Site Scripting via Admin User

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Admin User of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: OTRS Help Desk.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 09/11/2018.
Identifiers: CVE-2018-19142, OSA-2018-08, OSA-2018-10, VIGILANCE-VUL-27746.

Description of the vulnerability

The OTRS Help Desk product offers a web service.

However, it does not filter data received via Admin User before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Admin User of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2018-19143

OTRS Help Desk: denial of service via Files Deletion

Synthesis of the vulnerability

An attacker can generate a fatal error via Files Deletion of OTRS Help Desk, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, OTRS Help Desk, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 09/11/2018.
Identifiers: CVE-2018-19143, DLA-1592-1, openSUSE-SU-2018:4046-1, OSA-2018-07, OSA-2018-10, VIGILANCE-VUL-27745.

Description of the vulnerability

An attacker can generate a fatal error via Files Deletion of OTRS Help Desk, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-17883

OTRS Help Desk: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: OTRS Help Desk.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/10/2018.
Identifiers: CVE-2018-17883, OSA-2018-06, VIGILANCE-VUL-27423.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2018-14593

OTRS Help Desk: privilege escalation via Special URL

Synthesis of the vulnerability

An attacker can bypass restrictions via Special URL of OTRS Help Desk, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, OTRS Help Desk, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 31/07/2018.
Identifiers: CVE-2018-14593, DLA-1473-1, DSA-4317-1, openSUSE-SU-2018:3005-1, OSA-2018-03, VIGILANCE-VUL-26880.

Description of the vulnerability

An attacker can bypass restrictions via Special URL of OTRS Help Desk, in order to escalate his privileges.

computer vulnerability alert CVE-2018-11563

OTRS Help Desk: information disclosure via Ticket Overview Screen

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Ticket Overview Screen of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: OTRS Help Desk.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 12/06/2018.
Identifiers: CVE-2018-11563, OSA-2018-02, VIGILANCE-VUL-26376.

Description of the vulnerability

An attacker can bypass access restrictions to data via Ticket Overview Screen of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability announce CVE-2018-10198

OTRS Help Desk: information disclosure via Customer Tickets

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Customer Tickets of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: OTRS Help Desk.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 04/05/2018.
Identifiers: CVE-2018-10198, OSA-2018-01, VIGILANCE-VUL-26047.

Description of the vulnerability

An attacker can bypass access restrictions to data via Customer Tickets of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability CVE-2018-7567

OTRS Help Desk: privilege escalation via OPM

Synthesis of the vulnerability

An attacker can bypass restrictions via OPM of OTRS Help Desk, in order to escalate his privileges.
Impacted products: OTRS Help Desk.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 06/03/2018.
Identifiers: CVE-2018-7567, VIGILANCE-VUL-25445.

Description of the vulnerability

An attacker can bypass restrictions via OPM of OTRS Help Desk, in order to escalate his privileges.