Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-36097 Incorrect Permission Assignment for Critical Resource vulnerability in Otrs
Agents are able to lock the ticket without the "Owner" permission.
network
low complexity
otrs CWE-732
4.0
2021-09-06 CVE-2021-36096 Cleartext Storage of Sensitive Information vulnerability in Otrs
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.
network
low complexity
otrs CWE-312
4.0
2021-09-06 CVE-2021-36093 Unspecified vulnerability in Otrs
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS.
network
low complexity
otrs
5.0
2021-09-06 CVE-2021-36094 Cross-site Scripting vulnerability in Otrs
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack.
network
otrs CWE-79
3.5
2021-09-06 CVE-2021-36095 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs
Malicious attacker is able to find out valid user logins by using the "lost password" feature.
network
low complexity
otrs CWE-640
5.0
2021-08-09 CVE-2013-4717 SQL Injection vulnerability in Otrs
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
network
low complexity
otrs CWE-89
6.5
2021-08-09 CVE-2013-4718 Cross-site Scripting vulnerability in Otrs
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
network
otrs CWE-79
3.5
2021-07-26 CVE-2021-21440 Unspecified vulnerability in Otrs
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.
network
low complexity
otrs
4.0
2021-07-26 CVE-2021-21442 Cross-site Scripting vulnerability in Otrs Time Accounting 7.0.0/7.0.19
In the project create screen it's possible to inject malicious JS code to the certain fields.
network
otrs CWE-79
4.3
2021-07-26 CVE-2021-21443 Unspecified vulnerability in Otrs
Agents are able to list customer user emails without required permissions in the bulk action screen.
network
low complexity
otrs
4.0