32 matches found
CVE-2026-48191
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
EUVD-2026-33549
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
CVE-2026-48191
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
PT-2026-45263
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
OTRS security vulnerabilities
OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X. These vulnerabilities stem from improper handling of permissions for external interfaces and the configuration ite...
OTRS security vulnerabilities
OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X of OTRS, as well as versions before 2026.4.X. These vulnerabilities stem from improper handling of permissions in the document search...
CVE-2021-22351
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table,causing system exceptions...
SUSE CVE-2019-9753
An issue was discovered in Open Ticket Request System OTRS 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ...
CVE-2021-22351
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table,causing system exceptions...
CVE-2021-21437
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions...
PT-2021-14509 · Unknown · Otrs Ag Otrscisincustomerfrontend +1
Name of the Vulnerable Software and Affected Versions: OTRSCIsInCustomerFrontend versions 7.0.15 and prior ITSMConfigurationManagement versions 7.0.24 and prior Description: The issue allows agents to see linked Config Items without the necessary permissions, which are defined in the General...
OTRS AG OTRSCIsInCustomerFrontend 权限许可和访问控制问题漏洞
OTRS AG OTRSCIsInCustomerFrontend is a management system from OTRS USA. It provides modern, flexible ticket and process management services. A security vulnerability exists in OTRSCIsInCustomerFrontend that originates from viewing linked configuration items, which are defined in a common director...
OTRS AG OTRSCIsInCustomerFrontend Permission License and Access Control Issues Vulnerability
OTRS AG OTRSCIsInCustomerFrontend is a management system from OTRS USA. It provides modern, flexible ticket and process management services. A privilege permission and access control issue vulnerability exists in OTRS AG OTRSCIsInCustomerFrontend, which stems from an agent being able to view and...
UBUNTU-CVE-2021-21436
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions...
OTRS AG OTRSCIsInCustomerFrontend 权限许可和访问控制问题漏洞
OTRS AG OTRSCIsInCustomerFrontend is a management system from OTRS USA. It provides modern, flexible ticket and process management services. A privilege permission and access control issue vulnerability exists in OTRS AG OTRSCIsInCustomerFrontend, which stems from an agent being able to view and...
CVE-2020-16102
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to...
F5 Networks BIG-IP : vCMP vulnerability (K01413496)
Under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. CVE-2019-6632 Impact BIG-IP This...
CVE-2019-9753
An issue was discovered in Open Ticket Request System OTRS 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ...
CVE-2019-9753
An issue was discovered in Open Ticket Request System OTRS 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ...