Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rg2d-x2j3-jycq
Vulnerability ID VCID-rg2d-x2j3-jycq
Aliases CVE-2019-9892
Summary An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2019-9892
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-9892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9892
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.62723
EPSS Score 0.00432
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:33:58.786250+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0