Lucene search

11 matches found

ATTACKERKB
added 2026/04/20 6:20 p.m., 3 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the system. This issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

CVSS: 4.5 | AI score: 5.7 | EPSS: 0.00191
Exploits: 0 | References: 2 | Affected Software: 1
SUSE CVE
added 2025/01/28 12:23 a.m., 5 views

SUSE CVE-2024-43446

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVSS: 3.5 | AI score: 7 | EPSS: 0.00208
Exploits: 0 | References: 3
CVE
added 2025/01/27 5:59 a.m., 63 views

CVE-2025-24389

CVE-2025-24389 affects OTRS and related builds (OTRS 7.0.X, 8.0.X, 2023.X, 2024.X and ((OTRS)) Community Edition 6.0.x; products based on CE are likely affected). The root cause is described as certain errors in upstream libraries that cause sensitive information to be written to the OTRS log mec...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00137
Exploits: 0 | References: 1
Tenable Nessus
added 2024/09/13 12:0 a.m., 24 views

Adobe ColdFusion < 2021.x < 2021u16 / 2023.x < 2023u10 Vulnerability (APSB24-71)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 16 or 2023.x update 10. It is, therefore, affected by a vulnerability as referenced in the APSB24-71 advisory. - Deserialization of Untrusted Data CWE-502 potentially leading to Arbitrary code execution...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.30326
Exploits: 0 | References: 2
NVD
added 2024/08/26 9:15 a.m., 13 views

CVE-2024-43443

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....

CVSS: 4.9 | EPSS: 0.00358
Exploits: 0 | References: 1
NVD
added 2024/08/26 9:15 a.m., 16 views

CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...

CVSS: 8.2 | EPSS: 0.00376
Exploits: 0 | References: 1
OSV
added 2024/08/26 9:15 a.m., 2 views

UBUNTU-CVE-2024-43442

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...

CVSS: 4.9 | AI score: 5.8 | EPSS: 0.00402
Exploits: 0 | References: 3
Cvelist
added 2024/08/26 8:42 a.m., 21 views

CVE-2024-43442 Stored XSS in System Configuration

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...

CVSS: 4.9 | EPSS: 0.00402
Exploits: 0 | References: 1
Cvelist
added 2024/07/15 7:13 a.m., 25 views

CVE-2024-6540 Information exposure in external interface

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...

CVSS: 5.7 | EPSS: 0.00385
Exploits: 0 | References: 1
UbuntuCve
added 2024/06/06 7:15 p.m., 20 views

CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

CVSS: 6.3 | AI score: 6.1 | EPSS: 0.00775
Exploits: 0 | References: 2
Tenable Nessus
added 2023/07/18 12:0 a.m., 38 views

Adobe ColdFusion < 2018.x < 2018u18 / 2021.x < 2021u8 / 2023.x < 2023u2 Code Execution (APSB23-41)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 18, 2021.x update 8, or 2023.x update 2. It is, therefore, affected by a code execution vulnerability as referenced in the APSB23-41 advisory. Due to deserialization of untrusted data, a remote,...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.97003
Exploits: 0 | References: 2