CVE-2018-16587

MEDIUM

Open Ticket Request System 4.0.0-4.0.31 - Arbitrary File Deletion via Malicious Email

Title source: llm
STIX 2.1

Description

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.

References (6)

Core 6

Scores

CVSS v3 6.5
EPSS 0.0175
EPSS Percentile 75.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
debian/debian_linux 8.0
debian/debian_linux 9.0
otrs/open_ticket_request_system 4.0.0 - 4.0.32
Published Sep 28, 2018
Tracked Since Feb 18, 2026