Vulnerabilities > Otrs > Otrs > 6.0.1

DATE CVE VULNERABILITY TITLE RISK
2017-12-08 CVE-2017-16854 Information Exposure vulnerability in multiple products
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
network
low complexity
otrs debian CWE-200
4.0
4.0
2017-12-08 CVE-2017-16921 OS Command Injection vulnerability in multiple products
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
network
low complexity
otrs debian CWE-78
critical
 9.0
9.0