admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-100xx/CVE-2019-10067.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

142 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-10067",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-05-22T00:29:00.617",
"lastModified": "2023-01-20T16:04:48.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en Open Ticket Request System (OTRS) versi\u00f3n 7.x hasta 7.0.6 y en Community Edition versi\u00f3n versi\u00f3n 5.0.x hasta 5.0.35 y versi\u00f3n 6.0.x hasta 6.0.17. Un atacante logeado en OTRS como un agente de usuario con los permisos apropiados puede manipular la URL para provocar la ejecuci\u00f3n de JavaScript en el contexto de OTRS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.0.35",
"matchCriteriaId": "47C540CA-5B12-4F0D-8FA9-7A51C40FBD86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.17",
"matchCriteriaId": "85151323-32CE-4839-AA73-60F8725E879B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.6",
"matchCriteriaId": "C68C6B27-26D4-453E-9142-3C193A4A530E"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink