Vulnerabilities > Otrs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-13 | CVE-2022-32740 | Unspecified vulnerability in Otrs A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. network otrs | 4.3 |
2022-06-13 | CVE-2022-32741 | Unspecified vulnerability in Otrs Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. | 5.0 |
2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 |
2022-03-21 | CVE-2022-0475 | Cross-site Scripting vulnerability in Otrs Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). | 3.5 |
2022-03-21 | CVE-2022-1004 | Information Exposure vulnerability in Otrs Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | 4.0 |
2022-02-07 | CVE-2022-0473 | Cross-site Scripting vulnerability in Otrs OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. | 3.5 |
2022-02-07 | CVE-2022-0474 | Information Exposure vulnerability in Otrs Custom Contact Fields Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. | 3.5 |
2021-10-18 | CVE-2021-36097 | Unspecified vulnerability in Otrs Agents are able to lock the ticket without the "Owner" permission. | 4.3 |
2021-09-06 | CVE-2021-36096 | Cleartext Storage of Sensitive Information vulnerability in Otrs Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. | 4.0 |
2021-09-06 | CVE-2021-36093 | Unspecified vulnerability in Otrs It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. | 5.0 |