CVE-2022-32741
MEDIUMOtrs < 7.0.35 - Information Disclosure
Title source: ruleDescription
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
Scores
CVSS v3
5.3
EPSS
0.0036
EPSS Percentile
58.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
Status
published
Affected Products (1)
otrs/otrs
< 7.0.35
Timeline
Published
Jun 13, 2022
Tracked Since
Feb 18, 2026