Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-36093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition...

5.3CVSS6.2AI score0.01108EPSS
Exploits0References2
CVE
CVE
added 2025/01/27 5:59 a.m.65 views

CVE-2025-24389

CVE-2025-24389 affects OTRS and related builds (OTRS 7.0.X, 8.0.X, 2023.X, 2024.X and ((OTRS)) Community Edition 6.0.x; products based on CE are likely affected). The root cause is described as certain errors in upstream libraries that cause sensitive information to be written to the OTRS log mec...

6.3CVSS6.2AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 9:15 a.m.18 views

CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...

8.2CVSS0.00376EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 9:15 a.m.14 views

CVE-2024-43443

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....

4.9CVSS0.00355EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/15 7:13 a.m.16 views

CVE-2024-6540 Information exlosure in external interface

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...

5.7CVSS6.8AI score0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/15 7:13 a.m.27 views

CVE-2024-6540 Information exlosure in external interface

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...

5.7CVSS0.00385EPSS
Exploits0References1
NVD
NVD
added 2022/03/21 10:15 a.m.23 views

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

5.4CVSS0.0043EPSS
Exploits0References1
NVD
NVD
added 2021/10/18 7:15 a.m.20 views

CVE-2021-36097

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...

4.3CVSS0.00506EPSS
Exploits0References1
Prion
Prion
added 2021/10/18 7:15 a.m.18 views

Code injection

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...

4CVSS4.8AI score0.00506EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/07/26 5:15 a.m.2 views

DEBIAN-CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

6.5CVSS5.4AI score0.00814EPSS
Exploits0References1
OSV
OSV
added 2021/07/26 5:15 a.m.24 views

CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

6.5CVSS6.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/06/14 8:15 a.m.29 views

CVE-2021-21439

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS...

6.5CVSS6.2AI score0.00976EPSS
Exploits0References2
CVE
CVE
added 2021/02/08 10:55 a.m.77 views

CVE-2021-21435

CVE-2021-21435 affects OTRS AG OTRS 7.0.x up to 7.0.23 and 8.0.x up to 8.0.10. The issue: when printing a ticket (PDF) via an external interface, Article Bcc fields and agent personal information are exposed. The Initial Description provides CVSS v2/v3.1 scores (base 4.3/6.5) and a reference to O...

6.5CVSS5.8AI score0.01273EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder