otrs vulnerabilities and exploits
4
CVSSv2
CVE-2019-13457
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is ...
Otrs Otrs
4
CVSSv2
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
4
CVSSv2
CVE-2013-4088
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.21, 3.1.x prior to 3.1.17, and 3.2.x prior to 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL...
Otrs Otrs
4
CVSSv2
CVE-2013-3551
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.20, 3.1.x prior to 3.1.16, and 3.2.x prior to 3.2.7, and OTRS ITSM 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.5 does not properly restrict tickets, which allows remo...
Otrs Otrs
Otrs Otrs Itsm
4.3
CVSSv2
CVE-2013-2637
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM before 3.2.4, 3.1.8, and 3.0.7 and FAQ before 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Otrs Faq
Otrs Otrs Itsm
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
1 EDB exploit
5.5
CVSSv2
CVE-2020-1768
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
Otrs Otrs
5
CVSSv2
CVE-2020-1765
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x...
Otrs Otrs
Debian Debian Linux 8.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
4.3
CVSSv2
CVE-2020-1766
Due to improper handling of uploaded images, it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5....
Otrs Otrs
Debian Debian Linux 8.0
3.5
CVSSv2
CVE-2020-1767
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Ed...
Otrs Otrs
Debian Debian Linux 8.0
4
CVSSv2
CVE-2019-18179
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.12, and Community Edition 5.0.x up to and including 5.0.38 and 6.0.x up to and including 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, ev...
Otrs Otrs
Debian Debian Linux 8.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2