34 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-36093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition...
CVE-2025-24389
CVE-2025-24389 affects OTRS and related builds (OTRS 7.0.X, 8.0.X, 2023.X, 2024.X and ((OTRS)) Community Edition 6.0.x; products based on CE are likely affected). The root cause is described as certain errors in upstream libraries that cause sensitive information to be written to the OTRS log mec...
CVE-2024-43443
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
SUSE CVE-2021-36091
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...
CVE-2022-0475
Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...
CVE-2021-36095
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...
CVE-2021-36095
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...
Design/Logic Flaw
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...
Design/Logic Flaw
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...
CVE-2021-36094
CVE-2021-36094 affects OTRS/OTRS Community Edition: XSS via the appointment edit screen. Affected products/versions are OTRS Community Edition 6.0.x (6.0.1 and later) and OTRS 7.0.x up to 7.0.28. The available documents describe the vulnerable component as the appointment editing UI, with the roo...
CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...
DEBIAN-CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTR...
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTR...
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTR...
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTR...
CVE-2021-21439
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS...
CVE-2021-21435
CVE-2021-21435 affects OTRS AG OTRS 7.0.x up to 7.0.23 and 8.0.x up to 8.0.10. The issue: when printing a ticket (PDF) via an external interface, Article Bcc fields and agent personal information are exposed. The Initial Description provides CVSS v2/v3.1 scores (base 4.3/6.5) and a reference to O...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...