Vulnerabilities > Otrs > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-15 | CVE-2024-23794 | Unspecified vulnerability in Otrs: An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. | 7.5 |
2024-01-29 | CVE-2024-23791 | Information Exposure Through Log Files vulnerability in Otrs: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. | 7.5 |
2023-11-27 | CVE-2023-6254 | Insufficiently Protected Credentials vulnerability in Otrs: A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37. | 7.5 |
2023-07-24 | CVE-2023-38056 | OS Command Injection vulnerability in Otrs: Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. | 7.2 |
2023-07-24 | CVE-2023-38060 | Injection vulnerability in Otrs: Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 8.8 |
2023-05-08 | CVE-2023-2534 | Incorrect Authorization vulnerability in Otrs: Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. | 8.1 |
2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs: Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | 7.8 |
2022-10-17 | CVE-2022-3501 | Missing Authorization vulnerability in Otrs: Article template contents with sensitive data could be accessed from agents without permissions. | 7.5 |
2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs: Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin install an unverified third-party package. | 8.8 |
2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm: Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 |