CVE-2020-1765

Summary

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

Affected Software

VendorProductVersion RangeStatus
OTRS AG((OTRS)) Community Edition5.0.x version 5.0.39 and prior versionsaffected
OTRS AG((OTRS)) Community Edition6.0.x version 6.0.24 and prior versionsaffected
OTRS AGOTRS7.0.x version 7.0.13 and prior versionsaffected

Weaknesses

  • CWE-472: CWE-472 External Control of Assumed-Immutable Web Parameter

ADP Enrichment

CVE Program Container

Additional References

References