Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-4427 Improper Input Validation vulnerability in Otrs 7.0.40/8.0.28
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
network
low complexity
otrs CWE-20
critical
9.8
2022-10-17 CVE-2022-39052 Infinite Loop vulnerability in Otrs
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system
network
low complexity
otrs CWE-835
6.5
2022-10-17 CVE-2022-3501 Missing Authorization vulnerability in Otrs
Article template contents with sensitive data could be accessed from agents without permissions.
network
low complexity
otrs CWE-862
7.5
2022-09-05 CVE-2022-39051 Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
network
low complexity
otrs CWE-913
8.8
2022-06-13 CVE-2022-32739 Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
network
low complexity
otrs
5.0
2022-06-13 CVE-2022-32740 Unspecified vulnerability in Otrs
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
network
otrs
4.3
2022-06-13 CVE-2022-32741 Unspecified vulnerability in Otrs
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
network
low complexity
otrs
5.0
2022-03-21 CVE-2021-36100 OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm
Specially crafted string in OTRS system configuration can allow the execution of any system command.
network
low complexity
otrs CWE-78
critical
9.0
2022-03-21 CVE-2022-0475 Cross-site Scripting vulnerability in Otrs
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed).
network
otrs CWE-79
3.5
2022-03-21 CVE-2022-1004 Information Exposure vulnerability in Otrs
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
network
low complexity
otrs CWE-200
4.0