Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs otrs 6.0.1 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 up to and including 5.0.24 and 6.0.0 up to and including 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall ...
Otrs Otrs 6.0.0
Otrs Otrs 6.0.1
Otrs Otrs
8.8
CVSSv3
CVE-2017-16921
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of ...
Otrs Otrs 4.0.24
Otrs Otrs 4.0.22
Otrs Otrs 4.0.15
Otrs Otrs 4.0.13
Otrs Otrs 4.0.6
Otrs Otrs 4.0.4
Otrs Otrs 5.0.23
Otrs Otrs 5.0.21
Otrs Otrs 5.0.14
Otrs Otrs 5.0.12
Otrs Otrs 5.0.5
Otrs Otrs 5.0.3
Otrs Otrs 5.0.0
Otrs Otrs 6.0.0
Otrs Otrs 4.0.20
Otrs Otrs 4.0.19
Otrs Otrs 4.0.18
Otrs Otrs 4.0.17
Otrs Otrs 4.0.16
Otrs Otrs 4.0.3
Otrs Otrs 4.0.2
Otrs Otrs 4.0.1
1 EDB exploit
9.8
CVSSv3
CVE-2022-4427
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 prior to 7.0.40 Patch 1, from 8.0.1 prior to 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 up ...
Otrs Otrs 8.0.28
Otrs Otrs 7.0.40
Otrs Otrs
4.3
CVSSv3
CVE-2021-36091
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions before 7.0.27.
Otrs Otrs
5.3
CVSSv3
CVE-2021-36095
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Otrs Otrs
4.3
CVSSv3
CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions before 7.0.27.
Otrs Otrs
6.1
CVSSv3
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X prior to 7.0.42; ((OTRS)) Community Edition: from 6.0.1 up to and in...
Otrs Otrs
5.4
CVSSv3
CVE-2021-36094
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Otrs Otrs
7.2
CVSSv3
CVE-2023-38056
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X prior to 7.0.45, from ...
Otrs Otrs
6.5
CVSSv3
CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior v...
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »