Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs open ticket request system vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-17883
An issue exists in Open Ticket Request System (OTRS) 6.0.x prior to 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
Otrs Otrs
8.8
CVSSv3
CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x prior to 3.0.22, 3.1.x prior to 3.1.18, and 3.2.x prior to 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/Pr...
Otrs Otrs Itsm
Otrs Otrs
5.4
CVSSv3
CVE-2013-4718
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x prior to 3.0.9, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Otrs Otrs Itsm
Otrs Otrs
5.4
CVSSv3
CVE-2019-16375
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.11, and Community Edition 5.0.x up to and including 5.0.37 and 6.0.x up to and including 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a ...
Otrs Otrs
4.3
CVSSv3
CVE-2019-13457
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is ...
Otrs Otrs
4.3
CVSSv3
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
6.5
CVSSv3
CVE-2013-4088
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.21, 3.1.x prior to 3.1.17, and 3.2.x prior to 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL...
Otrs Otrs
6.5
CVSSv3
CVE-2013-3551
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.20, 3.1.x prior to 3.1.16, and 3.2.x prior to 3.2.7, and OTRS ITSM 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.5 does not properly restrict tickets, which allows remo...
Otrs Otrs
Otrs Otrs Itsm
4.3
CVSSv3
CVE-2019-18179
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.12, and Community Edition 5.0.x up to and including 5.0.38 and 6.0.x up to and including 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, ev...
Otrs Otrs
Debian Debian Linux 8.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
6.5
CVSSv3
CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk prior to 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM prior to 3.2.3, 3.1.8, and 3.0.7, and FAQ prior to 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
Otrs Otrs Help Desk
Otrs Otrs Itsm
Otrs Faq
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »