Vulnerabilities > Otrs > Otrs Itsm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 |
| 2021-08-09 | CVE-2013-4717 | SQL Injection vulnerability in Otrs and Otrs Itsm Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. | 8.8 |