DATE CVE VULNERABILITY TITLE RISK
2020-11-23 CVE-2020-1778 Improper Authentication vulnerability in Otrs
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid.
network
low complexity
otrs CWE-287
4.0
2020-10-15 CVE-2020-1777 Information Exposure vulnerability in Otrs
Names of agents that participate in a chat conversation are revealed in certain parts of the external interface, as well as in chat transcriptions inside the tickets, when the system is configured to mask real agent names.
network
low complexity
otrs CWE-200
5.0
2020-07-20 CVE-2020-1776 Insufficient Session Expiration vulnerability in Otrs
When an agent user is renamed or set to invalid, the session belonging to the user is kept active.
network
low complexity
otrs CWE-613
4.0
2020-06-08 CVE-2020-1775 Information Exposure vulnerability in Otrs
BCC recipients in mails sent from OTRS are visible in the article detail on the external interface.
network
otrs CWE-200
4.3
2020-04-28 CVE-2020-1774 Information Exposure vulnerability in multiple products
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys.
network
low complexity
otrs debian CWE-200
4.0
2020-03-27 CVE-2020-1773 Insufficient Entropy vulnerability in Otrs
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords.
network
low complexity
otrs CWE-331
5.5
2020-03-27 CVE-2020-1772 Information Exposure vulnerability in Otrs
It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords.
network
low complexity
otrs CWE-200
5.0
2020-03-27 CVE-2020-1771 Cross-Site Scripting vulnerability in Otrs
An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript).
network
otrs CWE-79
3.5
2020-03-27 CVE-2020-1770 Information Exposure vulnerability in Otrs
Files generated for a support bundle could contain sensitive information whose disclosure might be unwanted.
network
low complexity
otrs CWE-200
4.0
2020-03-27 CVE-2020-1769 Information Exposure vulnerability in Otrs
In the login screens (in the agent and customer interfaces), the Username and Password fields use autocomplete, which might be considered a security issue.
network
low complexity
otrs CWE-200
4.0