Medium severity5.3NVD Advisory· Published Jun 17, 2019· Updated Jun 17, 2026
CVE-2019-12497
CVE-2019-12497
Description
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- OTRS/Open Ticket Request Systemdescription
- Range: 6.0.x through 6.0.19, 5.0.x through 5.0.36
- osv-coords5 versionspkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP2
< 5.0.42-bp151.3.3.1+ 4 more
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
Patches
Vulnerability mechanics
References
6- community.otrs.com/category/security-advisories-en/nvdVendor Advisory
- lists.debian.org/debian-lts-announce/2019/06/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.htmlnvdBroken Link
- lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlnvd
News mentions
0No linked articles in our index yet.