{"api_version":"1","generated_at":"2026-04-22T23:31:04+00:00","cve":"CVE-2021-21439","urls":{"html":"https://cve.report/CVE-2021-21439","api":"https://cve.report/api/cve/CVE-2021-21439.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-21439","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-21439"},"summary":{"title":"CVE-2021-21439","description":"DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.","state":"PUBLIC","assigner":"security@otrs.com","published_at":"2021-06-14 08:15:00","updated_at":"2023-08-31 03:15:00"},"problem_types":["CWE-755"],"metrics":[],"references":[{"url":"https://otrs.com/release-notes/otrs-security-advisory-2021-09/","name":"https://otrs.com/release-notes/otrs-security-advisory-2021-09/","refsource":"MISC","tags":[],"title":"OTRS Security Advisory 2021-09 | OTRS","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html","name":"[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3551-1] otrs2 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-21439","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21439","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"21439","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"otrs","cpe5":"otrs","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21439","vulnerable":"1","versionEndIncluding":"6.0.30","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"otrs","cpe5":"otrs","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-21439","qid":"179449","title":"Debian Security Update for otrs2 (CVE-2021-21439)"},{"cve":"CVE-2021-21439","qid":"6000085","title":"Debian Security Update for otrs2 (DLA 3551-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@otrs.com","DATE_PUBLIC":"2021-06-14T00:00:00.000Z","ID":"CVE-2021-21439","STATE":"PUBLIC","TITLE":"Possible DoS attack using a special crafted URL in email body"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"((OTRS)) Community Edition","version":{"version_data":[{"version_affected":">=","version_name":"6.0.x","version_value":"6.0.1"}]}},{"product_name":"OTRS","version":{"version_data":[{"version_affected":"<=","version_name":"7.0.x","version_value":"7.0.26"},{"version_affected":"<=","version_name":"8.0.x","version_value":"8.0.13"}]}}]},"vendor_name":"OTRS AG"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://otrs.com/release-notes/otrs-security-advisory-2021-09/","name":"https://otrs.com/release-notes/otrs-security-advisory-2021-09/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}]},"solution":[{"lang":"eng","value":"Update to OTRS 8.0.14 or OTRS 7.0.27."}],"source":{"advisory":"OSA-2021-09","defect":["2021031142000285"],"discovery":"USER"}},"nvd":{"publishedDate":"2021-06-14 08:15:00","lastModifiedDate":"2023-08-31 03:15:00","problem_types":["CWE-755"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*","versionStartIncluding":"6.0.1","versionEndIncluding":"6.0.30","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.27","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.14","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"21439","Ordinal":"195715","Title":"CVE-2021-21439","CVE":"CVE-2021-21439","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"21439","Ordinal":"1","NoteData":"DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"21439","Ordinal":"2","NoteData":"2021-06-14","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"21439","Ordinal":"3","NoteData":"2021-06-14","Type":"Other","Title":"Modified"}]}}}