4.3
CVE-2021-21436
- EPSS 0.11%
- Published 08.02.2021 11:15:14
- Last modified 21.11.2024 05:48:21
- Source security@otrs.com
Agent is able to link customer's Config Items without permission
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.
Data provided by the National Vulnerability Database (NVD)
Otrs ≫ Cis In Customer Frontend Version >= 7.0.0 <= 7.0.14
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.267 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| security@otrs.com | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.