Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs otrs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39051
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
Otrs Otrs
5
CVSSv2
CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
Otrs Calendar Resource Planning
Otrs Otrs
4.3
CVSSv2
CVE-2022-32740
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
Otrs Otrs
5
CVSSv2
CVE-2022-32741
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
Otrs Otrs
9
CVSSv2
CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command.
Otrs Otrs Itsm
Otrs Otrs Storm
Otrs Otrs
4
CVSSv2
CVE-2022-1004
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
Otrs Otrs
3.5
CVSSv2
CVE-2022-0475
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
Otrs Otrs
3.5
CVSSv2
CVE-2022-0473
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and...
Otrs Otrs
3.5
CVSSv2
CVE-2022-0474
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions.
Otrs Custom Contact Fields
4
CVSSv2
CVE-2021-36097
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...
Otrs Otrs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »