Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs otrs 6.0.1 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior v...
Otrs Otrs
356
VMScore
CVE-2017-16854
In Open Ticket Request System (OTRS) up to and including 3.3.20, 4 up to and including 4.0.26, 5 up to and including 5.0.24, and 6 up to and including 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of thei...
Otrs Otrs
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
312
VMScore
CVE-2021-36094
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Otrs Otrs
NA
CVE-2024-23793
The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of lo...
NA
CVE-2023-38056
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X prior to 7.0.45, from ...
Otrs Otrs
NA
CVE-2023-38060
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated malicious user to to perform an host header injection for the ContentType header of the a...
Otrs Otrs
NA
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X prior to 7.0.42; ((OTRS)) Community Edition: from 6.0.1 up to and in...
Otrs Otrs
NA
CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This iss...
Otrs Otrs
NA
CVE-2022-4427
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 prior to 7.0.40 Patch 1, from 8.0.1 prior to 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 up ...
Otrs Otrs 8.0.28
Otrs Otrs 7.0.40
Otrs Otrs
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2