An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions; OTRS: 7.0.15 and prior versions.
Published: 2020-03-27T13:15:15.473
Last modified: 2024-11-21T05:11:21.640
Status: Modified
CVSSv3.1: 7.3 (HIGH)
CVSSv2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSSv2 exploitability score: 8.0
CVSSv2 impact score: 4.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | otrs | otrs | ≤ 5.0.41 | Yes |
Application | otrs | otrs | ≤ 6.0.26 | Yes |
Application | otrs | otrs | ≤ 7.0.15 | Yes |