Vulnerability Details CVE-2019-12497
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
- https://community.otrs.com/category/security-advisories-en/
- https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
- https://community.otrs.com/category/security-advisories-en/
- https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
Products affected by CVE-2019-12497
-
cpe:2.3:a:otrs:otrs:5.0.0
-
cpe:2.3:a:otrs:otrs:5.0.1
-
cpe:2.3:a:otrs:otrs:5.0.10
-
cpe:2.3:a:otrs:otrs:5.0.11
-
cpe:2.3:a:otrs:otrs:5.0.12
-
cpe:2.3:a:otrs:otrs:5.0.13
-
cpe:2.3:a:otrs:otrs:5.0.14
-
cpe:2.3:a:otrs:otrs:5.0.15
-
cpe:2.3:a:otrs:otrs:5.0.16
-
cpe:2.3:a:otrs:otrs:5.0.17
-
cpe:2.3:a:otrs:otrs:5.0.18
-
cpe:2.3:a:otrs:otrs:5.0.19
-
cpe:2.3:a:otrs:otrs:5.0.2
-
cpe:2.3:a:otrs:otrs:5.0.20
-
cpe:2.3:a:otrs:otrs:5.0.21
-
cpe:2.3:a:otrs:otrs:5.0.22
-
cpe:2.3:a:otrs:otrs:5.0.23
-
cpe:2.3:a:otrs:otrs:5.0.24
-
cpe:2.3:a:otrs:otrs:5.0.25
-
cpe:2.3:a:otrs:otrs:5.0.26
-
cpe:2.3:a:otrs:otrs:5.0.27
-
cpe:2.3:a:otrs:otrs:5.0.28
-
cpe:2.3:a:otrs:otrs:5.0.29
-
cpe:2.3:a:otrs:otrs:5.0.3
-
cpe:2.3:a:otrs:otrs:5.0.30
-
cpe:2.3:a:otrs:otrs:5.0.31
-
cpe:2.3:a:otrs:otrs:5.0.32
-
cpe:2.3:a:otrs:otrs:5.0.33
-
cpe:2.3:a:otrs:otrs:5.0.34
-
cpe:2.3:a:otrs:otrs:5.0.35
-
cpe:2.3:a:otrs:otrs:5.0.36
-
cpe:2.3:a:otrs:otrs:5.0.4
-
cpe:2.3:a:otrs:otrs:5.0.5
-
cpe:2.3:a:otrs:otrs:5.0.6
-
cpe:2.3:a:otrs:otrs:5.0.7
-
cpe:2.3:a:otrs:otrs:5.0.8
-
cpe:2.3:a:otrs:otrs:5.0.9
-
cpe:2.3:a:otrs:otrs:6.0.0
-
cpe:2.3:a:otrs:otrs:6.0.1
-
cpe:2.3:a:otrs:otrs:6.0.10
-
cpe:2.3:a:otrs:otrs:6.0.11
-
cpe:2.3:a:otrs:otrs:6.0.12
-
cpe:2.3:a:otrs:otrs:6.0.13
-
cpe:2.3:a:otrs:otrs:6.0.14
-
cpe:2.3:a:otrs:otrs:6.0.15
-
cpe:2.3:a:otrs:otrs:6.0.16
-
cpe:2.3:a:otrs:otrs:6.0.17
-
cpe:2.3:a:otrs:otrs:6.0.18
-
cpe:2.3:a:otrs:otrs:6.0.19
-
cpe:2.3:a:otrs:otrs:6.0.2
-
cpe:2.3:a:otrs:otrs:6.0.3
-
cpe:2.3:a:otrs:otrs:6.0.4
-
cpe:2.3:a:otrs:otrs:6.0.5
-
cpe:2.3:a:otrs:otrs:6.0.6
-
cpe:2.3:a:otrs:otrs:6.0.7
-
cpe:2.3:a:otrs:otrs:6.0.8
-
cpe:2.3:a:otrs:otrs:6.0.9
-
cpe:2.3:a:otrs:otrs:7.0.0
-
cpe:2.3:a:otrs:otrs:7.0.4
-
cpe:2.3:a:otrs:otrs:7.0.5
-
cpe:2.3:a:otrs:otrs:7.0.6
-
cpe:2.3:a:otrs:otrs:7.0.7
-
cpe:2.3:a:otrs:otrs:7.0.8
-
cpe:2.3:o:debian:debian_linux:8.0