CVE-2021-21437 - Missing Authorization vulnerability in OTRS products

CVSS: 4.3 (MEDIUM)
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
CWE-862

Summary

Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects OTRSCIsInCustomerFrontend 7.0.15 and prior versions, and ITSMConfigurationManagement 7.0.24 and prior versions.

Vulnerable Configurations

Part         Description  Count
Application  Otrs         2

Common Weakness Enumeration (CWE)