Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1515
The SOAP interface in OTRS 2.1.x prior to 2.1.8 and 2.2.x prior to 2.2.6 allows remote malicious users to "read and modify objects" via SOAP requests, related to "Missing security checks."
Otrs Otrs
9.1
CVSSv3
CVE-2023-5422
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies...
Otrs Otrs
4.3
CVSSv3
CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions before 7.0.27.
Otrs Otrs
4.3
CVSSv3
CVE-2018-10198
An issue exists in OTRS 6.0.x prior to 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
Otrs Otrs
5.4
CVSSv3
CVE-2019-10066
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6, Community Edition 6.0.x up to and including 6.0.17, and OTRSAppointmentCalendar 5.0.x up to and including 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may c...
Otrs Otrs
4.8
CVSSv3
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
Otrs Otrs
4.8
CVSSv3
CVE-2019-9751
An issue exists in Open Ticket Request System (OTRS) 6.x prior to 6.0.17 and 7.x prior to 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document...
Otrs Otrs
4.3
CVSSv3
CVE-2019-9753
An issue exists in Open Ticket Request System (OTRS) 7.x prior to 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom P...
Otrs Otrs
5.3
CVSSv3
CVE-2022-32741
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
Otrs Otrs
6.5
CVSSv3
CVE-2021-21439
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and...
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »