Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-32740 Unspecified vulnerability in Otrs
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
network
otrs
4.3
2022-06-13 CVE-2022-32741 Unspecified vulnerability in Otrs
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
network
low complexity
otrs
5.0
2022-03-21 CVE-2021-36100 OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm
Specially crafted string in OTRS system configuration can allow the execution of any system command.
network
low complexity
otrs CWE-78
8.8
2022-03-21 CVE-2022-0475 Cross-site Scripting vulnerability in Otrs
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed).
network
otrs CWE-79
3.5
2022-03-21 CVE-2022-1004 Information Exposure vulnerability in Otrs
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
network
low complexity
otrs CWE-200
4.0
2022-02-07 CVE-2022-0473 Cross-site Scripting vulnerability in Otrs
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check.
network
otrs CWE-79
3.5
2022-02-07 CVE-2022-0474 Information Exposure vulnerability in Otrs Custom Contact Fields
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually.
network
otrs CWE-200
3.5
2021-10-18 CVE-2021-36097 Unspecified vulnerability in Otrs
Agents are able to lock the ticket without the "Owner" permission.
network
low complexity
otrs
4.3
2021-09-06 CVE-2021-36096 Cleartext Storage of Sensitive Information vulnerability in Otrs
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.
network
low complexity
otrs CWE-312
4.0
2021-09-06 CVE-2021-36093 Unspecified vulnerability in Otrs
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS.
network
low complexity
otrs
5.0