Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-2385
The iPhoneHandle package 0.9.x prior to 0.9.7 and 1.0.x prior to 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects,...
Otrs Iphonehandle 0.9.6
Otrs Iphonehandle 1.0.1
Otrs Iphonehandle 0.9.1
Otrs Iphonehandle 1.0.2
Otrs Otrs
Otrs Iphonehandle 0.9.4
Otrs Iphonehandle 0.9.5
Otrs Iphonehandle 0.9.2
Otrs Iphonehandle 0.9.3
6.5
CVSSv3
CVE-2013-3551
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.20, 3.1.x prior to 3.1.16, and 3.2.x prior to 3.2.7, and OTRS ITSM 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.5 does not properly restrict tickets, which allows remo...
Otrs Otrs
Otrs Otrs Itsm
8.8
CVSSv3
CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x prior to 3.0.22, 3.1.x prior to 3.1.18, and 3.2.x prior to 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/Pr...
Otrs Otrs
Otrs Otrs Itsm
5.4
CVSSv3
CVE-2013-4718
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x prior to 3.0.9, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Otrs Otrs
Otrs Otrs Itsm
6.5
CVSSv3
CVE-2018-20800
An issue exists in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table.
Otrs Otrs 5.0.31
Otrs Otrs 6.0.13
4.3
CVSSv3
CVE-2021-21438
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
Otrs Faq
Otrs Otrs
5.3
CVSSv3
CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
Otrs Calendar Resource Planning
Otrs Otrs
4.3
CVSSv3
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
5.4
CVSSv3
CVE-2019-10067
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6 and Community Edition 5.0.x up to and including 5.0.35 and 6.0.x up to and including 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL...
Otrs Otrs
9.8
CVSSv3
CVE-2024-23790
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X up to and including 7.0.48, from 8.0.X up to and including 8.0.37, from 2023 up to and including...
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »