Medium severity6.5NVD Advisory· Published May 22, 2019· Updated Jun 17, 2026
CVE-2019-9892
CVE-2019-9892
Description
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- OTRS/Open Ticket Request Systemdescription
- Range: 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6
- osv-coords5 versionspkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP2
< 5.0.42-bp151.3.3.1+ 4 more
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
Patches
Vulnerability mechanics
References
5- community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/nvdVendor Advisory
- lists.debian.org/debian-lts-announce/2019/05/msg00003.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.