CVE-2020-1767 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-1767 Interim 1 4 2025-02-17T01:43:58Z current 2022-07-26T00:09:13Z 2025-02-17T01:43:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-1767 Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. CVE-2020-1767 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N