Enhancesoft osTicket up to 1.10.1 Password Reset credentials management

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Enhancesoft osTicket up to 1.10.1 (Ticket Tracking Software). Affected is some unknown processing of the component Password Reset. Upgrading to version 1.10.2 eliminates this vulnerability.

Field	03/28/2018 09:09 AM	01/17/2020 01:39 PM
type	Ticket Tracking Software	Ticket Tracking Software
vendor	Enhancesoft	Enhancesoft
name	osTicket	osTicket
version	<=1.10.1	<=1.10.1
component	Password Reset	Password Reset
cwe	255 (credentials management)	255 (credentials management)
risk	2	2
cvss2_vuldb_basescore	6.8	6.8
cvss2_vuldb_tempscore	5.9	5.9
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	M	M
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_nvd_av	N	N
cvss2_nvd_ac	M	M
cvss2_nvd_au	N	N
cvss2_nvd_ci	N	N
cvss2_nvd_ii	P	P
cvss2_nvd_ai	N	N
cvss3_meta_basescore	6.8	6.8
cvss3_meta_tempscore	6.5	6.5
cvss3_vuldb_basescore	5.6	5.6
cvss3_vuldb_tempscore	5.4	5.4
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	H	H
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_nvd_av	N	N
cvss3_nvd_ac	H	H
cvss3_nvd_pr	N	N
cvss3_nvd_ui	N	N
cvss3_nvd_s	U	U
cvss3_nvd_c	H	H
cvss3_nvd_i	H	H
cvss3_nvd_a	H	H
date	1522108800 (03/27/2018)	1522108800 (03/27/2018)
url	https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c	https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c
price_0day	$0-$5k	$0-$5k
name	Upgrade	Upgrade
upgrade_version	1.10.2	1.10.2
cve	CVE-2018-7195	CVE-2018-7195
cve_assigned	1518825600 (02/17/2018)	1518825600 (02/17/2018)
cve_nvd_published	1522108800	1522108800
cve_nvd_summary	Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.	Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
seealso	115125 115126 115127 115129	115125 115126 115127 115129
location	Website	Website
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	X	X
0day_days	5	5
cvss3_nvd_basescore	8.1	8.1
discoverydate		1521676800

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!