Known Vulnerabilities for products from Otrs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Otrs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6060 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-2547 json | Not Provided | 2026-02-16 | 2026-02-23 | |
| CVE-2026-2546 json | Not Provided | 2026-02-16 | 2026-02-23 | |
| CVE-2026-2545 json | Not Provided | 2026-02-16 | 2026-02-23 | |
| CVE-2026-1049 json | Not Provided | 2026-01-17 | 2026-02-26 | |
| CVE-2026-1048 json | Not Provided | 2026-01-17 | 2026-02-26 | |
| CVE-2024-23792 json | 6.5 - MEDIUM | 2024-01-29 | 2024-02-02 | |
| CVE-2024-23791 json | 7.5 - HIGH | 2024-01-29 | 2024-02-02 | |
| CVE-2024-23790 json | 9.8 - CRITICAL | 2024-01-29 | 2024-02-02 | |
| CVE-2023-38060 json | Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operatio... | 8.8 - HIGH | 2023-07-24 | 2023-08-31 |
| CVE-2023-38059 json | The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload.... | 5.3 - MEDIUM | 2023-10-16 | 2023-10-19 |
| CVE-2023-38058 json | An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacke... | 4.3 - MEDIUM | 2023-07-24 | 2023-08-01 |
| CVE-2023-38057 json | An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered s... | 5.4 - MEDIUM | 2023-07-24 | 2023-08-04 |
| CVE-2023-38056 json | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U... | 7.2 - HIGH | 2023-07-24 | 2023-08-01 |
| CVE-2023-6254 json | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U... | 7.5 - HIGH | 2023-11-27 | 2023-12-01 |
| CVE-2023-5422 json | The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based com... | 9.1 - CRITICAL | 2023-10-16 | 2023-10-20 |
| CVE-2023-5421 json | An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the Cus... | 5.5 - MEDIUM | 2023-10-16 | 2023-10-19 |
| CVE-2023-2534 json | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to ... | 8.1 - HIGH | 2023-05-08 | 2023-05-16 |
| CVE-2023-1250 json | Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allow... | 7.8 - HIGH | 2023-03-20 | 2023-11-07 |
| CVE-2023-1248 json | Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket ... | 6.1 - MEDIUM | 2023-03-20 | 2023-11-07 |
Known software with vulnerabilities from Otrs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Otrs | Cis In Customer Frontend | 7.0.0 |
| Application | Otrs | Faq | 2.0.1 |
| Application | Otrs | Frontend | 7.0.0 |
| Application | Otrs | Otrs | 0.5 |
| Application | Otrs | Otrs Help Desk | 3.0.0 |
| Application | Otrs | Otrs Itsm | 2.1.0 |
| Application | Otrs | Survey | 1.0.10 |
| Application | Otrs | Ticket Forms | 6.0.0 |