CVE-2019-12497
MEDIUMOTRS 5.0.0-5.0.35 - Exposure of Sensitive Agent Information in External Notes
Title source: llmDescription
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.
References (6)
Core 6
Core References
Broken Link vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
Broken Link vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
Broken Link vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
Vendor Advisory
https://community.otrs.com/category/security-advisories-en/
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html
Scores
CVSS v3
5.3
EPSS
0.0201
EPSS Percentile
78.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
debian/debian_linux
8.0
otrs/otrs
5.0.0 - 5.0.36
Published
Jun 17, 2019
Tracked Since
Feb 18, 2026