Information Disclosure Vulnerability in OTRS 7.0.x through 7.0.8

Information Disclosure Vulnerability in OTRS 7.0.x through 7.0.8

CVE-2019-13457 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.

Learn more about our User Device Pen Test.