CVE-2019-12497

{"id": "CVE-2019-12497", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-06-17T17:15:11.007", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://community.otrs.com/category/security-advisories-en/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.8, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. En el cliente o en la interfaz externa, la informaci\u00f3n personal de los agentes (por ejemplo, Nombre y direcci\u00f3n de correo) se puede divulgar en notas externas."}], "lastModified": "2023-08-31T03:15:09.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D349DFA6-D96A-4453-BD31-D09DEDD86675", "versionEndIncluding": "5.0.36", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C88AAB9C-2497-4438-94D4-9A04F4F5ED9C", "versionEndIncluding": "6.0.19", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B00766B-5077-4C1A-AFD6-031C8CE766DF", "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}