CVE-2022-39052 - OpenCVE

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Otrs	Otrs

Configuration 1 [-]

OR	cpe:2.3:a:otrs:otrs:::::community:::*
	cpe:2.3:a:otrs:otrs::::::::
	cpe:2.3:a:otrs:otrs::::::::

No data.

References

Link	Providers
https://otrs.com/release-notes/otrs-security-advisory-2022-13/

History

No history.

MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2022-10-17T08:55:10.047405Z

Updated: 2024-09-16T18:33:43.971Z

Reserved: 2022-08-31T00:00:00

Link: CVE-2022-39052

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-17T09:15:12.310

Modified: 2022-10-20T14:20:52.760

Link: CVE-2022-39052

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39052", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "assignerShortName": "OTRS", "datePublished": "2022-10-17T08:55:10.047405Z", "dateUpdated": "2024-09-16T18:33:43.971Z", "dateReserved": "2022-08-31T00:00:00"}, "containers": {"cna": {"title": "DoS attack using email", "datePublic": "2022-10-17T00:00:00", "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system"}], "affected": [{"vendor": "OTRS AG", "product": "OTRS", "versions": [{"version": "7.0.x", "status": "affected", "lessThanOrEqual": "7.0.39", "versionType": "custom"}, {"version": "8.0.x", "status": "affected", "lessThanOrEqual": "8.0.26", "versionType": "custom"}]}, {"vendor": "OTRS AG", "product": "((OTRS)) Community Edition", "versions": [{"version": "6.0.1", "status": "affected", "lessThan": "6.0.x*", "versionType": "custom"}]}], "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "cweId": "CWE-835"}]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "source": {"advisory": "OSA-2022-13", "defect": ["2022070642001105"], "discovery": "USER"}, "solutions": [{"lang": "en", "value": "Update to OTRS 8.0.26 or OTRS 7.0.38."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:10:32.409Z"}, "title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", "matchCriteriaId": "2330DDC0-20DF-4031-A4A3-017F0E73C08A", "versionEndIncluding": "6.0.32", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "356B7CBB-2B85-40FB-B348-A2C8A0DC26F0", "versionEndExcluding": "7.0.39", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D95AE5E-716F-4AEC-B3F9-11C15D26410A", "versionEndExcluding": "8.0.26", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system"}, {"lang": "es", "value": "Un atacante externo es capaz de enviar un correo electr\u00f3nico especialmente dise\u00f1ado (con muchos destinatarios) y desencadenar un potencial DoS del sistema"}], "id": "CVE-2022-39052", "lastModified": "2022-10-20T14:20:52.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@otrs.com", "type": "Secondary"}]}, "published": "2022-10-17T09:15:12.310", "references": [{"source": "security@otrs.com", "tags": ["Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/"}], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "security@otrs.com", "type": "Secondary"}]}