Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-32739 Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
network
low complexity
otrs
5.0
2022-06-13 CVE-2022-32740 Unspecified vulnerability in Otrs
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
network
otrs
4.3
2022-06-13 CVE-2022-32741 Unspecified vulnerability in Otrs
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
network
low complexity
otrs
5.0
2022-03-21 CVE-2021-36100 OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm
Specially crafted string in OTRS system configuration can allow the execution of any system command.
network
low complexity
otrs CWE-78
critical
9.0
2022-03-21 CVE-2022-0475 Cross-site Scripting vulnerability in Otrs
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed).
network
otrs CWE-79
3.5
2022-03-21 CVE-2022-1004 Information Exposure vulnerability in Otrs
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
network
low complexity
otrs CWE-200
4.0
2022-02-07 CVE-2022-0473 Cross-site Scripting vulnerability in Otrs
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check.
network
otrs CWE-79
3.5
2022-02-07 CVE-2022-0474 Information Exposure vulnerability in Otrs Custom Contact Fields
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually.
network
otrs CWE-200
3.5
2021-10-18 CVE-2021-36097 Incorrect Permission Assignment for Critical Resource vulnerability in Otrs
Agents are able to lock the ticket without the "Owner" permission.
network
low complexity
otrs CWE-732
4.0
2021-09-06 CVE-2021-36096 Cleartext Storage of Sensitive Information vulnerability in Otrs
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.
network
low complexity
otrs CWE-312
4.0