23 matches found
EUVD-2026-33549
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
CVE-2026-48191
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
PT-2026-45263
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
EUVD-2021-22732
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16854
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use t...
CVE-2024-43442 Stored XSS in System Configuration
Improper neutralization of input supplied by an attacker with admin privileges ('Cross-site Scripting') in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting (XSS) within the System Configuration, targeting other admins. This issue affects: OTRS from 7.0.X through...
CVE-2024-6540
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2024-23794
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the...
PT-2024-2036 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.48 OTRS versions 8.0.X through 8.0.37 OTRS versions 2023 through 2023.1.1 Description: The issue is related to an Improper Input Validation vulnerability in the upload functionality for user avatars, which allo...
Input validation
Improper neutralization of commands allowed to be executed via OTRS System Configuration (e.g. SchedulerCronTaskModule using UnitTests modules) allows any authenticated attacker with admin privileges local execution of code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...
CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules and OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating or importing an ACL, it was possible to inject code that gets executed via manipulated comments and ACL names. This issue affects OTRS: from 7.0...
SUSE CVE-2018-16586
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged-in user opens it, the email could cause the browser to load external image or CSS resources...
OTRS Security Vulnerability
OTRS is a service management application from the German company OTRS. A security vulnerability exists in OTRS versions prior to 8.0.26, which stems from the fact that an agent without privileges can access the content of article templates that contain sensitive data...
CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command...
Command injection
Specially crafted string in OTRS system configuration can allow the execution of any system command...
A vulnerability in the OTRS ticket request system, related to deficiencies in handling exceptional conditions, allows an attacker to cause a denial of service.
A vulnerability in the OTRS ticket request system is related to deficiencies in handling exceptional conditions. Exploiting this vulnerability allows a malicious actor to cause a denial of service by sending a message containing a specially crafted URL...
OTRS AG OTRS Input Validation Error Vulnerability
OTRS is a service management application from the German company OTRS. An input validation error vulnerability exists in OTRS AG OTRS that arises from the system not properly validating incoming data. An attacker placing a specially crafted URL in the body of an email message could...