Vulnerabilities > Otrs > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-13 | CVE-2022-32740 | Unspecified vulnerability in Otrs: A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. | 4.3 |
2022-06-13 | CVE-2022-32741 | Unspecified vulnerability in Otrs: An attacker is able to determine whether the provided username exists (and is valid) using the Request New Password feature, based on the response time. | 5.0 |
2022-03-21 | CVE-2022-1004 | Information Exposure vulnerability in Otrs: Accounted time is shown in the Ticket Detail View (External Interface), even if `ExternalFrontend::TicketDetailView###AccountedTimeDisplay` is disabled. | 4.0 |
2021-10-18 | CVE-2021-36097 | Unspecified vulnerability in Otrs: Agents are able to lock the ticket without the "Owner" permission. | 4.3 |
2021-09-06 | CVE-2021-36096 | Cleartext Storage of Sensitive Information vulnerability in Otrs: Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. | 4.0 |
2021-09-06 | CVE-2021-36093 | Unspecified vulnerability in Otrs: It's possible to create an email which can get stuck while being processed by PostMaster filters, causing DoS. | 5.0 |
2021-09-06 | CVE-2021-36095 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs: A malicious attacker is able to find out valid user logins by using the "lost password" feature. | 5.0 |
2021-08-09 | CVE-2013-4717 | SQL Injection vulnerability in Otrs: Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to `Kernel/Output/HTML/PreferencesCustomQueue.pm`, `Kernel/System/CustomerCompany.pm`, `Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm`, `Kernel/System/Ticket/IndexAccelerator/StaticDB.pm`, and `Kernel/System/TicketSearch.pm`. | 6.5 |
2021-07-26 | CVE-2021-21440 | Unspecified vulnerability in Otrs: Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. | 6.5 |
2021-07-26 | CVE-2021-21442 | Cross-site Scripting vulnerability in Otrs Time Accounting 7.0.0/7.0.19: In the project create screen it's possible to inject malicious JS code into certain fields. | 4.3 |