Vulnerabilities > Otrs > Otrs > 3.3.11

DATE CVE VULNERABILITY TITLE RISK
2022-03-21 CVE-2021-36100 OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm
Specially crafted string in OTRS system configuration can allow the execution of any system command.
network
low complexity
otrs CWE-78
8.8
8.8
2020-11-23 CVE-2020-1778 Improper Authentication vulnerability in Otrs
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.
network
low complexity
otrs CWE-287
4.3
4.3
2017-12-08 CVE-2017-16854 Information Exposure vulnerability in multiple products
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
network
low complexity
otrs debian CWE-200
6.5
6.5
2017-11-21 CVE-2017-16664 Code Injection vulnerability in multiple products
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20.
network
low complexity
otrs debian CWE-94
8.8
8.8
2017-11-16 CVE-2017-15864 In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
network
low complexity
otrs debian
8.8
8.8
2017-09-21 CVE-2017-14635 Improper Input Validation vulnerability in Otrs
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
network
low complexity
otrs CWE-20
8.8
8.8
2017-06-12 CVE-2017-9324 Improper Privilege Management vulnerability in multiple products
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access.
network
low complexity
otrs debian CWE-269
8.8
8.8
2017-02-17 CVE-2016-9139 Cross-site Scripting vulnerability in Otrs
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
network
low complexity
otrs CWE-79
6.1
6.1