Vulnerability Details CVE-2022-32741
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2022-32741
-
cpe:2.3:a:otrs:otrs:7.0.0
-
cpe:2.3:a:otrs:otrs:7.0.11
-
cpe:2.3:a:otrs:otrs:7.0.12
-
cpe:2.3:a:otrs:otrs:7.0.13
-
cpe:2.3:a:otrs:otrs:7.0.14
-
cpe:2.3:a:otrs:otrs:7.0.15
-
cpe:2.3:a:otrs:otrs:7.0.16
-
cpe:2.3:a:otrs:otrs:7.0.17
-
cpe:2.3:a:otrs:otrs:7.0.18
-
cpe:2.3:a:otrs:otrs:7.0.19
-
cpe:2.3:a:otrs:otrs:7.0.21
-
cpe:2.3:a:otrs:otrs:7.0.22
-
cpe:2.3:a:otrs:otrs:7.0.23
-
cpe:2.3:a:otrs:otrs:7.0.24
-
cpe:2.3:a:otrs:otrs:7.0.26
-
cpe:2.3:a:otrs:otrs:7.0.27
-
cpe:2.3:a:otrs:otrs:7.0.28
-
cpe:2.3:a:otrs:otrs:7.0.29
-
cpe:2.3:a:otrs:otrs:7.0.30
-
cpe:2.3:a:otrs:otrs:7.0.31
-
cpe:2.3:a:otrs:otrs:7.0.32
-
cpe:2.3:a:otrs:otrs:7.0.4
-
cpe:2.3:a:otrs:otrs:7.0.5
-
cpe:2.3:a:otrs:otrs:7.0.6
-
cpe:2.3:a:otrs:otrs:7.0.7
-
cpe:2.3:a:otrs:otrs:7.0.8
-
cpe:2.3:a:otrs:otrs:8.0.0
-
cpe:2.3:a:otrs:otrs:8.0.1
-
cpe:2.3:a:otrs:otrs:8.0.10
-
cpe:2.3:a:otrs:otrs:8.0.11
-
cpe:2.3:a:otrs:otrs:8.0.12
-
cpe:2.3:a:otrs:otrs:8.0.13
-
cpe:2.3:a:otrs:otrs:8.0.14
-
cpe:2.3:a:otrs:otrs:8.0.15
-
cpe:2.3:a:otrs:otrs:8.0.16
-
cpe:2.3:a:otrs:otrs:8.0.17
-
cpe:2.3:a:otrs:otrs:8.0.18
-
cpe:2.3:a:otrs:otrs:8.0.19
-
cpe:2.3:a:otrs:otrs:8.0.2
-
cpe:2.3:a:otrs:otrs:8.0.3
-
cpe:2.3:a:otrs:otrs:8.0.4
-
cpe:2.3:a:otrs:otrs:8.0.5
-
cpe:2.3:a:otrs:otrs:8.0.6
-
cpe:2.3:a:otrs:otrs:8.0.7
-
cpe:2.3:a:otrs:otrs:8.0.9