HIGH✓ PATCH🇬🇧 English

CVE-2023-6254

CVSS 8.1v3.1pub. 2023-11-27upd. 2024-11-21

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Otrs

    APP
    Otrs
    8.0.1 – 8.0.37
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-48188CRITICAL9.1PL ✓ten sam produkt

OTRS / Community Edition: SQL injection z pominięciem uwierzytelnienia

CVE-2026-48209HIGH7.1ten sam produkt

An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling al...

CVE-2023-5422HIGH8.7ten sam produkt

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL o...

CVE-2023-38056HIGH7.2ten sam produkt

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTas...

CVE-2023-2534HIGH7.6ten sam produkt

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticat...

CVE-2023-6254 — HIGH 8.1 | CVEbaza.pl