Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2020-1779 Information Exposure vulnerability in Otrs Ticket Forms
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information.
network
low complexity
otrs CWE-200
4.9
2020-11-23 CVE-2020-1778 Improper Authentication vulnerability in Otrs
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.
network
low complexity
otrs CWE-287
4.3
2020-10-15 CVE-2020-1777 Information Exposure vulnerability in Otrs
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names.
network
low complexity
otrs CWE-200
5.3
2020-07-20 CVE-2020-1776 Insufficient Session Expiration vulnerability in Otrs
When an agent user is renamed or set to invalid the session belonging to the user is keept active.
network
low complexity
otrs CWE-613
4.3
2020-06-08 CVE-2020-1775 Information Exposure vulnerability in Otrs
BCC recipients in mails sent from OTRS are visible in article detail on external interface.
network
low complexity
otrs CWE-200
4.3
2020-04-28 CVE-2020-1774 When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys.
network
low complexity
otrs debian
4.9
2020-03-27 CVE-2020-1773 Insufficient Entropy vulnerability in Otrs
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords.
network
low complexity
otrs CWE-331
8.1
2020-03-27 CVE-2020-1772 It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords.
network
low complexity
otrs opensuse debian
7.5
2020-03-27 CVE-2020-1771 Cross-site Scripting vulnerability in Otrs
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript).
network
low complexity
otrs CWE-79
5.4
2020-03-27 CVE-2020-1770 Information Exposure vulnerability in multiple products
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed.
network
low complexity
otrs opensuse debian CWE-200
4.3