Known Vulnerabilities for products from Otrs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Otrs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6060 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2024-23792 json | 6.5 - MEDIUM | 2024-01-29 | 2024-02-02 | |
| CVE-2024-23791 json | 7.5 - HIGH | 2024-01-29 | 2024-02-02 | |
| CVE-2024-23790 json | 9.8 - CRITICAL | 2024-01-29 | 2024-02-02 | |
| CVE-2023-38060 json | Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operatio... | 8.8 - HIGH | 2023-07-24 | 2023-08-31 |
| CVE-2023-38059 json | The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload.... | 5.3 - MEDIUM | 2023-10-16 | 2023-10-19 |
| CVE-2023-38058 json | An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacke... | 4.3 - MEDIUM | 2023-07-24 | 2023-08-01 |
| CVE-2023-38057 json | An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered s... | 5.4 - MEDIUM | 2023-07-24 | 2023-08-04 |
| CVE-2023-38056 json | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U... | 7.2 - HIGH | 2023-07-24 | 2023-08-01 |
| CVE-2023-6254 json | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U... | 7.5 - HIGH | 2023-11-27 | 2023-12-01 |
| CVE-2023-5422 json | The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based com... | 9.1 - CRITICAL | 2023-10-16 | 2023-10-20 |
| CVE-2023-5421 json | An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the Cus... | 5.5 - MEDIUM | 2023-10-16 | 2023-10-19 |
| CVE-2023-2534 json | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to ... | 8.1 - HIGH | 2023-05-08 | 2023-05-16 |
| CVE-2023-1250 json | Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allow... | 7.8 - HIGH | 2023-03-20 | 2023-11-07 |
| CVE-2023-1248 json | Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket ... | 6.1 - MEDIUM | 2023-03-20 | 2023-11-07 |
| CVE-2022-39052 json | An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the syst... | 6.5 - MEDIUM | 2022-10-17 | 2022-10-20 |
| CVE-2022-39051 json | Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3... | 8.8 - HIGH | 2022-09-05 | 2022-10-01 |
| CVE-2022-39050 json | An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run lat... | 4.8 - MEDIUM | 2022-09-05 | 2022-09-08 |
| CVE-2022-39049 json | An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context o... | 4.8 - MEDIUM | 2022-09-05 | 2022-09-08 |
| CVE-2022-32741 json | Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on t... | 5.3 - MEDIUM | 2022-06-13 | 2022-06-22 |
Known software with vulnerabilities from Otrs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Otrs | Cis In Customer Frontend | 7.0.0 |
| Application | Otrs | Faq | 2.0.1 |
| Application | Otrs | Frontend | 7.0.0 |
| Application | Otrs | Otrs | 0.5 |
| Application | Otrs | Otrs Help Desk | 3.0.0 |
| Application | Otrs | Otrs Itsm | 2.1.0 |
| Application | Otrs | Survey | 1.0.10 |
| Application | Otrs | Ticket Forms | 6.0.0 |