11 matches found
CVE-2026-6060
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...
SUSE CVE-2024-43446
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...
CVE-2025-24389
CVE-2025-24389 affects OTRS and related builds (OTRS 7.0.X, 8.0.X, 2023.X, 2024.X and ((OTRS)) Community Edition 6.0.x; products based on CE are likely affected). The root cause is described as certain errors in upstream libraries that cause sensitive information to be written to the OTRS log mec...
Adobe ColdFusion < 2021.x < 2021u16 / 2023.x < 2023u10 Vulnerability (APSB24-71)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 16 or 2023.x update 10. It is, therefore, affected by a vulnerability as referenced in the APSB24-71 advisory. - Deserialization of Untrusted Data CWE-502 potentially leading to Arbitrary code execution...
CVE-2024-43443
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
UBUNTU-CVE-2024-43442
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
CVE-2024-43442 Stored XSS in System Configuration
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
CVE-2024-6540 Information exlosure in external interface
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...
Adobe ColdFusion < 2018.x < 2018u18 / 2021.x < 2021u8 / 2023.x < 2023u2 Code Execution (APSB23-41)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 18, 2021.x update 8, or 2023.x update 2. It is, therefore, affected by a code execution vulnerability as referenced in the APSB23-41 advisory. Due to deserialization of untrusted data, a remote,...