Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-23794 Unspecified vulnerability in Otrs
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation.
network
high complexity
otrs
7.5
2024-07-15 CVE-2024-6540 Unspecified vulnerability in Otrs
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers.
network
high complexity
otrs
5.3
2024-01-29 CVE-2024-23790 Improper Validation of Integrity Check Value vulnerability in Otrs
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
network
low complexity
otrs CWE-354
critical
9.8
2024-01-29 CVE-2024-23791 Information Exposure Through Log Files vulnerability in Otrs
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
network
low complexity
otrs CWE-532
7.5
2024-01-29 CVE-2024-23792 Improper Authentication vulnerability in Otrs
When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user.
network
low complexity
otrs CWE-287
6.5
2023-11-27 CVE-2023-6254 Insufficiently Protected Credentials vulnerability in Otrs
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.
network
low complexity
otrs CWE-522
7.5
2023-10-16 CVE-2023-38059 Unspecified vulnerability in Otrs
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload.
network
low complexity
otrs
5.3
2023-10-16 CVE-2023-5421 Cross-site Scripting vulnerability in Otrs
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
network
low complexity
otrs CWE-79
5.5
2023-10-16 CVE-2023-5422 Improper Certificate Validation vulnerability in Otrs
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication.
network
low complexity
otrs CWE-295
critical
9.1
2023-07-24 CVE-2023-38056 OS Command Injection vulnerability in Otrs
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g.
network
low complexity
otrs CWE-78
7.2