6 matches found
SUSE CVE-2024-43446
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...
UBUNTU-CVE-2024-43442
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
CVE-2020-1767 Possible to send drafted messages as wrong agent
Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...
PT-2020-9940 · Otrs +2 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.0.x through 7.0.12 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.38 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.23 Description: An issu...
CVE-2019-12497
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...
PT-2019-12826 · Otrs +2 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.0.x through 7.0.8 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.19 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.36 Description: An issue...