Integer Format Vulnerability in Enhancesoft osTicket
CVE-2018-7194

4.9MEDIUM

Key Information:

Vendor: Osticket
Status: Osticket
Vendor: CVE Published:; 27 March 2018

What is CVE-2018-7194?

An integer format vulnerability in the ticket number generator within Enhancesoft's osTicket prior to version 1.10.2 may allow remote attackers to exploit the system. By submitting an excessively large number of digits in the ticket number format, attackers can trigger a denial-of-service condition that prevents the creation of new tickets, significantly disrupting ticket management functionalities.

References

https://blog.securityevaluators.com/vulnerabilities-found...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Feb 17, 2018

CVE-2018-7194 Data

JSON

Osticket

What is CVE-2018-7194?

References

CVSS V3.1

Timeline