Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs otrs vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-1775
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.
Otrs Otrs
4.3
CVSSv3
CVE-2020-1769
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior version...
Otrs Otrs
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
4.3
CVSSv3
CVE-2020-1770
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Otrs Otrs
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
Debian Debian Linux 8.0
4.3
CVSSv3
CVE-2019-13457
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is ...
Otrs Otrs
4.3
CVSSv3
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
4.3
CVSSv3
CVE-2020-1767
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Ed...
Otrs Otrs
Debian Debian Linux 8.0
4.3
CVSSv3
CVE-2019-18179
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.12, and Community Edition 5.0.x up to and including 5.0.38 and 6.0.x up to and including 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, ev...
Otrs Otrs
Debian Debian Linux 8.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
4.3
CVSSv3
CVE-2019-12248
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.7, Community Edition 6.0.x up to and including 6.0.19, and Community Edition 5.0.x up to and including 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user ...
Otrs Otrs
Debian Debian Linux 8.0
4.3
CVSSv3
CVE-2019-9753
An issue exists in Open Ticket Request System (OTRS) 7.x prior to 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom P...
Otrs Otrs
4.3
CVSSv3
CVE-2018-16586
In Open Ticket Request System (OTRS) 4.0.x prior to 4.0.32, 5.0.x prior to 5.0.30, and 6.0.x prior to 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
Otrs Open Ticket Request System
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »