34 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-36093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition...

CVSS 5.3 | AI score 5.7 | EPSS 0.01108
Exploits: 0 | References: 2

CVE
added 2025/01/27 5:59 a.m. | 64 views

CVE-2025-24389

CVE-2025-24389 affects OTRS and related builds (OTRS 7.0.X, 8.0.X, 2023.X, 2024.X and ((OTRS)) Community Edition 6.0.x; products based on CE are likely affected). The root cause is described as certain errors in upstream libraries that cause sensitive information to be written to the OTRS log mec...

CVSS 6.3 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 1

NVD
added 2024/08/26 9:15 a.m. | 13 views

CVE-2024-43443

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....

CVSS 4.9 | EPSS 0.00358
Exploits: 0 | References: 1

NVD
added 2024/08/26 9:15 a.m. | 16 views

CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...

CVSS 8.2 | EPSS 0.00376
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 3:39 a.m. | 2 views

SUSE CVE-2021-36091

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

CVSS 4.3 | AI score 5 | EPSS 0.00726
Exploits: 0 | References: 3

NVD
added 2022/03/21 10:15 a.m. | 20 views

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

CVSS 5.4 | EPSS 0.0043
Exploits: 0 | References: 1

NVD
added 2021/09/06 2:15 p.m. | 22 views

CVE-2021-36095

Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...

CVSS 5.3 | EPSS 0.00943
Exploits: 0 | References: 1

UbuntuCve
added 2021/09/06 2:15 p.m. | 32 views

CVE-2021-36095

Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...

CVSS 5.3 | AI score 6.1 | EPSS 0.00943
Exploits: 0 | References: 2

Prion
added 2021/09/06 2:15 p.m. | 20 views

Design/Logic Flaw

Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...

CVSS 5 | AI score 5.2 | EPSS 0.00943
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/09/06 2:15 p.m. | 16 views

Design/Logic Flaw

It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...

CVSS 3.5 | AI score 5.2 | EPSS 0.0059
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/09/06 1:15 p.m. | 72 views

CVE-2021-36094

CVE-2021-36094 affects OTRS/OTRS Community Edition: XSS via the appointment edit screen. Affected products/versions are OTRS Community Edition 6.0.x (6.0.1 and later) and OTRS 7.0.x up to 7.0.28. The available documents describe the vulnerable component as the appointment editing UI, with the roo...

CVSS 5.7 | AI score 5.2 | EPSS 0.0059
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2021/07/26 5:15 a.m. | 20 views

CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2021/07/26 5:15 a.m. | 2 views

DEBIAN-CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

CVSS 6.5 | AI score 5.4 | EPSS 0.00814
Exploits: 0 | References: 1

OSV
added 2021/06/16 10:15 a.m. | 15 views

CVE-2021-21441

There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTR...

CVSS 7.5 | AI score 5.7
Exploits: 0 | References: 2

NVD
added 2021/06/16 10:15 a.m. | 13 views

CVE-2021-21441

There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTR...

CVSS 7.5 | EPSS 0.01216
Exploits: 0 | References: 2

UbuntuCve
added 2021/06/16 10:15 a.m. | 28 views

CVE-2021-21441

There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTR...

CVSS 7.5 | AI score 6.3 | EPSS 0.01216
Exploits: 0 | References: 2

Debian CVE
added 2021/06/16 9:50 a.m. | 19 views

CVE-2021-21441

There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTR...

CVSS 7.5 | AI score 5.1 | EPSS 0.01216
Exploits: 0

UbuntuCve
added 2021/06/14 8:15 a.m. | 28 views

CVE-2021-21439

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS...

CVSS 6.5 | AI score 6.2 | EPSS 0.00976
Exploits: 0 | References: 2

CVE
added 2021/02/08 10:55 a.m. | 74 views

CVE-2021-21435

CVE-2021-21435 affects OTRS AG OTRS 7.0.x up to 7.0.23 and 8.0.x up to 8.0.10. The issue: when printing a ticket (PDF) via an external interface, Article Bcc fields and agent personal information are exposed. The Initial Description provides CVSS v2/v3.1 scores (base 4.3/6.5) and a reference to O...

CVSS 6.5 | AI score 5.8 | EPSS 0.01273
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/03/10 6:15 p.m. | 17 views

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...

CVSS 4 | AI score 4.3 | EPSS 0.00907
Exploits: 0 | References: 5 | Affected Software: 1