Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2022-03-21 CVE-2021-36100 Command Injection vulnerability in Otrs
Specially crafted string in OTRS system configuration can allow the execution of any system command.
network
low complexity
otrs CWE-77
critical
9.0
2022-03-21 CVE-2022-0475 Cross-site Scripting vulnerability in Otrs
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed).
network
otrs CWE-79
3.5
2022-03-21 CVE-2022-1004 Information Exposure vulnerability in Otrs
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
network
low complexity
otrs CWE-200
4.0
2022-02-07 CVE-2022-0473 Cross-site Scripting vulnerability in Otrs
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check.
network
otrs CWE-79
3.5
2022-02-07 CVE-2022-0474 Information Exposure vulnerability in Otrs Custom Contact Fields
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually.
network
otrs CWE-200
3.5
2021-10-18 CVE-2021-36097 Incorrect Permission Assignment for Critical Resource vulnerability in Otrs
Agents are able to lock the ticket without the "Owner" permission.
network
low complexity
otrs CWE-732
4.0
2021-09-06 CVE-2021-36096 Cleartext Storage of Sensitive Information vulnerability in Otrs
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.
network
low complexity
otrs CWE-312
4.0
2021-09-06 CVE-2021-36093 Unspecified vulnerability in Otrs
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS.
network
low complexity
otrs
5.0
2021-09-06 CVE-2021-36094 Cross-site Scripting vulnerability in Otrs
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack.
network
otrs CWE-79
3.5
2021-09-06 CVE-2021-36095 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs
Malicious attacker is able to find out valid user logins by using the "lost password" feature.
network
low complexity
otrs CWE-640
5.0