CVE-2019-9892

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-9892
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9892.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-9892
Downstream
Related
Published
2019-05-22T00:29:02Z
Modified
2024-11-21T04:52:31Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.

References

Affected packages