Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/otrs2@0?distro=bullseye

Type deb

Namespace debian

Name otrs2

Version 0

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.1.1-1

Latest_non_vulnerable_version 6.0.32-6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1cad-s6nn-j7aw

vulnerability_id VCID-1cad-s6nn-j7aw

summary embedded prototype.js JavaScript hijacking

references

reference_url	http://dev.rubyonrails.org/ticket/7910
reference_id
reference_type
scores
url	http://dev.rubyonrails.org/ticket/7910

reference_url	http://prototypejs.org/2007/4/24/release-candidate-3
reference_id
reference_type
scores
url	http://prototypejs.org/2007/4/24/release-candidate-3

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-2383

reference_id

reference_type

scores

value	0.00262
scoring_system	epss
scoring_elements	0.49583
published_at	2026-04-18T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49489
published_at	2026-04-01T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49518
published_at	2026-04-02T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49546
published_at	2026-04-04T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49498
published_at	2026-04-07T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49553
published_at	2026-04-08T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49548
published_at	2026-04-09T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49565
published_at	2026-04-11T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49537
published_at	2026-04-12T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49539
published_at	2026-04-13T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49585
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383

reference_url	http://secunia.com/advisories/37677
reference_id
reference_type
scores
url	http://secunia.com/advisories/37677

reference_url	http://www.debian.org/security/2009/dsa-1952
reference_id
reference_type
scores
url	http://www.debian.org/security/2009/dsa-1952

reference_url	http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
reference_id
reference_type
scores
url	http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=539592
reference_id	539592
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=539592

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
reference_id	555220
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
reference_id	555221
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
reference_id	555250
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
reference_id	555255
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
reference_id	558977
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prototypejs:prototype_framework:1.5.1_rc3:::::::*
reference_id	cpe:2.3:a:prototypejs:prototype_framework:1.5.1_rc3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prototypejs:prototype_framework:1.5.1_rc3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-2383

reference_id

CVE-2007-2383

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2007-2383

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2007-2383

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cad-s6nn-j7aw

url VCID-2fxb-3haf-gket

vulnerability_id VCID-2fxb-3haf-gket

summary When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1778

reference_id

reference_type

scores

value	0.00233
scoring_system	epss
scoring_elements	0.46115
published_at	2026-04-01T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46155
published_at	2026-04-02T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46175
published_at	2026-04-04T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46122
published_at	2026-04-07T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46179
published_at	2026-04-08T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46176
published_at	2026-04-09T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.462
published_at	2026-04-11T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46171
published_at	2026-04-12T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46181
published_at	2026-04-13T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46238
published_at	2026-04-16T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46234
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1778

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2020-1778

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxb-3haf-gket

url VCID-4ab3-red7-x3aa

vulnerability_id VCID-4ab3-red7-x3aa

summary An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13457

reference_id

reference_type

scores

value	0.00443
scoring_system	epss
scoring_elements	0.63361
published_at	2026-04-18T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63319
published_at	2026-04-13T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63353
published_at	2026-04-16T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63234
published_at	2026-04-01T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63293
published_at	2026-04-02T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.6332
published_at	2026-04-04T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63286
published_at	2026-04-07T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63337
published_at	2026-04-08T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63355
published_at	2026-04-12T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63372
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13457

reference_url	https://otrs.com/release-notes/otrs-security-advisory-2019-11/
reference_id
reference_type
scores
url	https://otrs.com/release-notes/otrs-security-advisory-2019-11/

reference_url	https://www.otrs.com/category/release-and-security-notes-en/
reference_id
reference_type
scores
url	https://www.otrs.com/category/release-and-security-notes-en/

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs::::::::
reference_id	cpe:2.3:a:otrs:otrs::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13457

reference_id

CVE-2019-13457

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13457

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2019-13457

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ab3-red7-x3aa

url VCID-8cwz-ccuj-tbb9

vulnerability_id VCID-8cwz-ccuj-tbb9

summary Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21435

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52021
published_at	2026-04-01T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52068
published_at	2026-04-02T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52095
published_at	2026-04-04T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5206
published_at	2026-04-07T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52114
published_at	2026-04-08T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5211
published_at	2026-04-09T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52162
published_at	2026-04-11T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52145
published_at	2026-04-12T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5213
published_at	2026-04-13T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5217
published_at	2026-04-16T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52173
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21435

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2021-21435

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cwz-ccuj-tbb9

url VCID-9ga6-vsc2-jkdw

vulnerability_id VCID-9ga6-vsc2-jkdw

summary BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1775

reference_id

reference_type

scores

value	0.00238
scoring_system	epss
scoring_elements	0.46786
published_at	2026-04-01T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46824
published_at	2026-04-02T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46843
published_at	2026-04-04T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46792
published_at	2026-04-07T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46846
published_at	2026-04-09T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46869
published_at	2026-04-11T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46842
published_at	2026-04-12T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46849
published_at	2026-04-13T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46904
published_at	2026-04-16T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46901
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1775

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2020-1775

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ga6-vsc2-jkdw

url VCID-sv2w-mb1n-1bfk

vulnerability_id VCID-sv2w-mb1n-1bfk

summary Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1777

reference_id

reference_type

scores

value	0.00237
scoring_system	epss
scoring_elements	0.46732
published_at	2026-04-01T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46772
published_at	2026-04-02T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46792
published_at	2026-04-04T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46741
published_at	2026-04-07T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46796
published_at	2026-04-08T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46795
published_at	2026-04-09T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46818
published_at	2026-04-11T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.4679
published_at	2026-04-12T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46798
published_at	2026-04-13T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46853
published_at	2026-04-16T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.4685
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1777

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2020-1777

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sv2w-mb1n-1bfk

url VCID-x8rr-csqf-3fa6

vulnerability_id VCID-x8rr-csqf-3fa6

summary The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1768

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54345
published_at	2026-04-01T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54424
published_at	2026-04-02T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54446
published_at	2026-04-04T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54414
published_at	2026-04-07T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54466
published_at	2026-04-08T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54461
published_at	2026-04-09T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54473
published_at	2026-04-16T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54456
published_at	2026-04-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54434
published_at	2026-04-13T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54477
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1768

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2020-1768

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8rr-csqf-3fa6

url VCID-yc4t-z4jx-vkc9

vulnerability_id VCID-yc4t-z4jx-vkc9

summary An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10065

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41593
published_at	2026-04-01T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41681
published_at	2026-04-02T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41708
published_at	2026-04-04T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41636
published_at	2026-04-07T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41686
published_at	2026-04-08T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41694
published_at	2026-04-09T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41717
published_at	2026-04-16T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41684
published_at	2026-04-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41669
published_at	2026-04-13T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41691
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10065

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2019-10065

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yc4t-z4jx-vkc9

url VCID-yqad-95kf-1bcm

vulnerability_id VCID-yqad-95kf-1bcm

summary An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9753

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45322
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45402
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45422
published_at	2026-04-04T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45365
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45421
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45443
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45412
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45465
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4546
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9753

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2019-9753

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yqad-95kf-1bcm

url VCID-zbpw-qryg-kyh3

vulnerability_id VCID-zbpw-qryg-kyh3

summary The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2385

reference_id

reference_type

scores

value	0.00735
scoring_system	epss
scoring_elements	0.72734
published_at	2026-04-01T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72741
published_at	2026-04-02T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.7276
published_at	2026-04-04T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72735
published_at	2026-04-07T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72774
published_at	2026-04-08T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72787
published_at	2026-04-09T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72812
published_at	2026-04-11T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72795
published_at	2026-04-12T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72786
published_at	2026-04-13T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.72829
published_at	2026-04-16T12:55:00Z

value	0.00735
scoring_system	epss
scoring_elements	0.7284
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2385

fixed_packages

url	pkg:deb/debian/otrs2@0?distro=bullseye
purl	pkg:deb/debian/otrs2@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2011-2385

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbpw-qryg-kyh3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@0%3Fdistro=bullseye

Package Instance