Vulnerabilities > Otrs > Otrs > 8.0.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-08 | CVE-2023-2534 | Incorrect Authorization vulnerability in Otrs Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. | 8.1 |
| 2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | 7.8 |
| 2022-12-19 | CVE-2022-4427 | SQL Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 9.8 |
| 2022-10-17 | CVE-2022-39052 | Infinite Loop vulnerability in Otrs An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system | 6.5 |
| 2022-10-17 | CVE-2022-3501 | Missing Authorization vulnerability in Otrs Article template contents with sensitive data could be accessed from agents without permissions. | 7.5 |
| 2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package | 8.8 |
| 2022-06-13 | CVE-2022-32739 | Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | 5.0 |
| 2022-06-13 | CVE-2022-32740 | Unspecified vulnerability in Otrs A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. network otrs | 4.3 |
| 2022-06-13 | CVE-2022-32741 | Unspecified vulnerability in Otrs Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. | 5.0 |
| 2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 |