The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OTRS Help Desk

computer vulnerability bulletin CVE-2019-12746

OTRS Help Desk: privilege escalation via Session ID Link Sharing

Synthesis of the vulnerability

An attacker can bypass restrictions via Session ID Link Sharing of OTRS Help Desk, in order to escalate his privileges.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: user account.
Creation date: 12/07/2019.
Identifiers: CVE-2019-12746, DLA-1877-1, OSA-2019-10, VIGILANCE-VUL-29758.

Description of the vulnerability

An attacker can bypass restrictions via Session ID Link Sharing of OTRS Help Desk, in order to escalate his privileges.

computer vulnerability announce CVE-2019-13457

OTRS Help Desk: information disclosure via Search Results Company Tickets

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Search Results Company Tickets of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: OTRS Help Desk.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 12/07/2019.
Identifiers: CVE-2019-13457, OSA-2019-11, VIGILANCE-VUL-29757.

Description of the vulnerability

An attacker can bypass access restrictions to data via Search Results Company Tickets of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability alert CVE-2019-13458

OTRS Help Desk: information disclosure via Template Tags Password Hashes

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Template Tags Password Hashes of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 12/07/2019.
Identifiers: CVE-2019-13458, DLA-1877-1, OSA-2019-12, VIGILANCE-VUL-29756.

Description of the vulnerability

An attacker can bypass access restrictions to data via Template Tags Password Hashes of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability note CVE-2019-9753

OTRS Help Desk: information disclosure via the search function

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the search function of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: OTRS Help Desk.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 04/06/2019.
Identifiers: CVE-2019-9753, OSA-2019-03, VIGILANCE-VUL-29459.

Description of the vulnerability

An attacker can bypass access restrictions to data via the search function of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability alert CVE-2019-12497

OTRS Help Desk: information disclosure via External Notes

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via External Notes of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 03/06/2019.
Identifiers: CVE-2019-12497, DLA-1816-1, OSA-2019-09, VIGILANCE-VUL-29446.

Description of the vulnerability

An attacker can bypass access restrictions to data via External Notes of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability CVE-2019-12248

OTRS Help Desk: information disclosure via Quoted Email

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Quoted Email of OTRS Help Desk, in order to obtain sensitive information.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 03/06/2019.
Identifiers: CVE-2019-12248, DLA-1816-1, OSA-2019-08, VIGILANCE-VUL-29445.

Description of the vulnerability

An attacker can bypass access restrictions to data via Quoted Email of OTRS Help Desk, in order to obtain sensitive information.

computer vulnerability alert CVE-2019-10066 CVE-2019-10067 CVE-2019-9892

OTRS Help Desk: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OTRS Help Desk.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/04/2019.
Identifiers: CVE-2019-10066, CVE-2019-10067, CVE-2019-9892, DLA-1774-1, OSA-2019-04, OSA-2019-05, OSA-2019-06, VIGILANCE-VUL-29146.

Description of the vulnerability

Several vulnerabilities were announced in OTRS Help Desk.

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2019-9892, OSA-2019-04]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2019-10067, OSA-2019-05]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2019-10066, OSA-2019-06]

computer vulnerability announce CVE-2019-9751

OTRS Help Desk: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: OTRS Help Desk.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 08/03/2019.
Identifiers: CVE-2019-9751, OSA-2019-02, VIGILANCE-VUL-28697.

Description of the vulnerability

The OTRS Help Desk product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2019-9752

OTRS Help Desk: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, OTRS Help Desk.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/01/2019.
Identifiers: CVE-2019-9752, DLA-1721-1, OSA-2019-01, VIGILANCE-VUL-28308.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of OTRS Help Desk, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-19141

OTRS Help Desk: Cross Site Scripting via Admin User

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Admin User of OTRS Help Desk, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, openSUSE Leap, OTRS Help Desk, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 09/11/2018.
Identifiers: CVE-2018-19141, DLA-1592-1, openSUSE-SU-2018:4046-1, OSA-2018-09, OSA-2018-10, VIGILANCE-VUL-27747.

Description of the vulnerability

The OTRS Help Desk product offers a web service.

However, it does not filter data received via Admin User before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Admin User of OTRS Help Desk, in order to run JavaScript code in the context of the web site.