Known Vulnerabilities for products from Otrs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Otrs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0475 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-21 | 2022-03-28 |
| CVE-2022-0474 | Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notif... | 3.5 - LOW | 2022-02-07 | 2022-02-25 |
| CVE-2022-0473 | OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expr... | 4.8 - MEDIUM | 2022-02-07 | 2022-02-14 |
| CVE-2021-36100 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-21 | 2023-08-31 |
| CVE-2021-36097 | Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue ... | 4.3 - MEDIUM | 2021-10-18 | 2022-10-27 |
| CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS A... | 4.9 - MEDIUM | 2021-09-06 | 2021-09-13 |
| CVE-2021-36095 | Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((... | 5.3 - MEDIUM | 2021-09-06 | 2021-09-09 |
| CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG... | 5.4 - MEDIUM | 2021-09-06 | 2021-09-09 |
| CVE-2021-36093 | It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affe... | 5.3 - MEDIUM | 2021-09-06 | 2021-09-09 |
| CVE-2021-36092 | It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue a... | 6.1 - MEDIUM | 2021-07-26 | 2021-08-04 |
| CVE-2021-36091 | Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Comm... | 4.3 - MEDIUM | 2021-07-26 | 2023-08-31 |
| CVE-2021-21443 | Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS... | 4.3 - MEDIUM | 2021-07-26 | 2023-08-31 |
| CVE-2021-21442 | In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in t... | 5.4 - MEDIUM | 2021-07-26 | 2021-08-04 |
| CVE-2021-21441 | There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail... | 7.5 - HIGH | 2021-06-16 | 2023-08-31 |
| CVE-2021-21440 | Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS A... | 6.5 - MEDIUM | 2021-07-26 | 2023-08-31 |
| CVE-2021-21439 | DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and ... | 6.5 - MEDIUM | 2021-06-14 | 2023-08-31 |
| CVE-2021-21438 | Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0... | 4.3 - MEDIUM | 2021-03-22 | 2021-03-25 |
| CVE-2021-21437 | Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTR... | 4.3 - MEDIUM | 2021-03-22 | 2022-10-24 |
| CVE-2021-21436 | Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: O... | 4.3 - MEDIUM | 2021-02-08 | 2021-02-10 |
| CVE-2021-21435 | Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. Thi... | 6.5 - MEDIUM | 2021-02-08 | 2021-02-09 |
Known software with vulnerabilities from Otrs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Otrs | Cis In Customer Frontend | 7.0.0 |
| Application | Otrs | Faq | 2.0.1 |
| Application | Otrs | Frontend | 7.0.0 |
| Application | Otrs | Otrs | 0.5 |
| Application | Otrs | Otrs Help Desk | 3.0.0 |
| Application | Otrs | Otrs Itsm | 2.1.0 |
| Application | Otrs | Survey | 1.0.10 |
| Application | Otrs | Ticket Forms | 6.0.0 |