4.3

CVE-2018-16586

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OtrsOpen Ticket Request System Version >= 4.0.0 < 4.0.32
OtrsOpen Ticket Request System Version >= 5.0.0 < 5.0.30
OtrsOpen Ticket Request System Version >= 6.0.0 < 6.0.11
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.49% 0.706
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.debian.org/security/2018/dsa-4317
Third Party Advisory
https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
Patch
Vendor Advisory
https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963
Patch
https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7
Patch
https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302
Patch
https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html
Third Party Advisory
Mailing List