← back
CVE-2023-38056

Code execution via System Configuration

CVSS 7.2 HIGHEPSS 0.8%CWE-78
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
OTRS AG · OTRSOTRS AG · ((OTRS)) Community Edition

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://otrs.com/release-notes/otrs-security-advisory-2023-05/