Vulnerabilities > Otrs > Otrs > 2.1.0

DATE CVE VULNERABILITY TITLE RISK
2022-03-21 CVE-2021-36100 OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm
Specially crafted string in OTRS system configuration can allow the execution of any system command.
network
low complexity
otrs CWE-78
8.8
2020-11-23 CVE-2020-1778 Improper Authentication vulnerability in Otrs
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.
network
low complexity
otrs CWE-287
4.0
2011-08-29 CVE-2011-2746 Local File Disclosure vulnerability in OTRS 'AdminPackageManager.pm'
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.
network
low complexity
otrs
4.0
2011-03-18 CVE-2011-1433 Cryptographic Issues vulnerability in Otrs
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
network
low complexity
otrs CWE-310
5.0
2011-03-18 CVE-2010-4768 Permissions, Privileges, and Access Controls vulnerability in Otrs
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.
network
otrs CWE-264
6.0
2011-03-18 CVE-2010-4767 Improper Input Validation vulnerability in Otrs
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
network
low complexity
otrs CWE-20
5.0
2011-03-18 CVE-2010-4766 Improper Input Validation vulnerability in Otrs
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.
network
otrs CWE-20
4.3
2011-03-18 CVE-2010-4765 Race Condition vulnerability in Otrs
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.
network
otrs CWE-362
4.9
2011-03-18 CVE-2010-4764 Credentials Management vulnerability in Otrs
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
network
low complexity
otrs CWE-255
5.0
2011-03-18 CVE-2010-4763 Permissions, Privileges, and Access Controls vulnerability in Otrs
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
network
low complexity
otrs CWE-264
6.5