Vulnerabilities > Otrs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-15864 | In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | 8.8 |
| 2017-09-21 | CVE-2017-14635 | Improper Input Validation vulnerability in Otrs In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. | 8.8 |
| 2017-06-12 | CVE-2017-9324 | Improper Privilege Management vulnerability in multiple products In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. | 8.8 |