CVE-2020-10100

An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

CVE-2017-16854

The CVE-2017-16854 issue affects Open Ticket Request System (OTRS) up to versions 3.3.20, 4.x up to 4.0.26, 5.x up to 5.0.24, and 6.x up to 6.0.1, where an authenticated customer can use the ticket search form to disclose internal article information in customer tickets. Connected advisories conf...

CVE-2017-16854

In Open Ticket Request System OTRS through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets...