Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-36097
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...
Otrs Otrs
356
VMScore
CVE-2021-36096
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior v...
Otrs Otrs
312
VMScore
CVE-2021-36094
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Otrs Otrs
445
VMScore
CVE-2021-36095
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Otrs Otrs
445
VMScore
CVE-2021-36093
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8....
Otrs Otrs
578
VMScore
CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x prior to 3.0.22, 3.1.x prior to 3.1.18, and 3.2.x prior to 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/Pr...
Otrs Otrs
Otrs Otrs Itsm
312
VMScore
CVE-2013-4718
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x prior to 3.0.9, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Otrs Otrs
Otrs Otrs Itsm
356
VMScore
CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior v...
Otrs Otrs
383
VMScore
CVE-2021-21442
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions before 7.0.19.
Otrs Time Accounting
356
VMScore
CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions before 7.0.27.
Otrs Otrs
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »