Vulnerabilities > Otrs > Otrs > 8.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-18 | CVE-2021-36097 | Unspecified vulnerability in Otrs Agents are able to lock the ticket without the "Owner" permission. | 4.3 |
2021-07-26 | CVE-2021-21440 | Unspecified vulnerability in Otrs Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. | 6.5 |
2021-07-26 | CVE-2021-36092 | Cross-site Scripting vulnerability in Otrs It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. | 4.3 |
2021-06-14 | CVE-2021-21439 | Improper Handling of Exceptional Conditions vulnerability in Otrs DoS attack can be performed when an email contains specially designed URL in the body. | 6.5 |
2021-02-08 | CVE-2021-21435 | Information Exposure vulnerability in Otrs Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. | 4.3 |
2020-11-23 | CVE-2020-1778 | Improper Authentication vulnerability in Otrs When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. | 4.0 |
2020-10-15 | CVE-2020-1777 | Information Exposure vulnerability in Otrs Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. | 5.0 |