Vulnerabilities > Otrs > Otrs > 6.0.28

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2021-21435 Information Exposure vulnerability in Otrs
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface.
network
otrs CWE-200
4.3
4.3
2020-11-23 CVE-2020-1778 Improper Authentication vulnerability in Otrs
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.
network
low complexity
otrs CWE-287
4.0
4.0
2020-07-20 CVE-2020-1776 Insufficient Session Expiration vulnerability in Otrs
When an agent user is renamed or set to invalid the session belonging to the user is keept active.
network
low complexity
otrs CWE-613
4.3
4.3