Known Vulnerabilities for products from Otrs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Otrs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48210 json | Not Provided | 2026-05-31 | 2026-06-01 | |
| CVE-2026-48209 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48208 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48191 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48190 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48189 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48188 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48187 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-6060 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2024-23792 json | 6.5 - MEDIUM | 2024-01-29 | 2024-02-02 | |
| CVE-2024-23791 json | 7.5 - HIGH | 2024-01-29 | 2024-02-02 | |
| CVE-2024-23790 json | 9.8 - CRITICAL | 2024-01-29 | 2024-02-02 | |
| CVE-2023-38060 json | Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operatio... | 8.8 - HIGH | 2023-07-24 | 2023-08-31 |
| CVE-2023-38059 json | The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload.... | 5.3 - MEDIUM | 2023-10-16 | 2023-10-19 |
| CVE-2023-38058 json | An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacke... | 4.3 - MEDIUM | 2023-07-24 | 2023-08-01 |
| CVE-2023-38057 json | An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered s... | 5.4 - MEDIUM | 2023-07-24 | 2023-08-04 |
| CVE-2023-38056 json | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U... | 7.2 - HIGH | 2023-07-24 | 2023-08-01 |
| CVE-2023-6254 json | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U... | 7.5 - HIGH | 2023-11-27 | 2023-12-01 |
| CVE-2023-5422 json | The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based com... | 9.1 - CRITICAL | 2023-10-16 | 2023-10-20 |
| CVE-2023-5421 json | An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the Cus... | 5.5 - MEDIUM | 2023-10-16 | 2023-10-19 |
Known software with vulnerabilities from Otrs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Otrs | Cis In Customer Frontend | 7.0.0 |
| Application | Otrs | Faq | 2.0.1 |
| Application | Otrs | Frontend | 7.0.0 |
| Application | Otrs | Otrs | 0.5 |
| Application | Otrs | Otrs Help Desk | 3.0.0 |
| Application | Otrs | Otrs Itsm | 2.1.0 |
| Application | Otrs | Survey | 1.0.10 |
| Application | Otrs | Ticket Forms | 6.0.0 |