Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2023-5421
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseA...
Otrs Otrs
9.1
CVSSv3
CVE-2023-5422
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies...
Otrs Otrs
4.3
CVSSv3
CVE-2023-38058
An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated malicious user to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X prior to 8.0.35.
Otrs Otrs
5.3
CVSSv3
CVE-2023-38059
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X prior to 7.0.47, from 8.0.X prior to 8.0.37; ((OTRS)) Community Editio...
Otrs Otrs
4.8
CVSSv3
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
Otrs Otrs
7.8
CVSSv3
CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This iss...
Otrs Otrs
6.5
CVSSv3
CVE-2013-4088
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.21, 3.1.x prior to 3.1.17, and 3.2.x prior to 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL...
Otrs Otrs
NA
CVE-2008-1515
The SOAP interface in OTRS 2.1.x prior to 2.1.8 and 2.2.x prior to 2.2.6 allows remote malicious users to "read and modify objects" via SOAP requests, related to "Missing security checks."
Otrs Otrs
8.1
CVSSv3
CVE-2023-2534
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated malicious user to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories...
Otrs Otrs
6.5
CVSSv3
CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior v...
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »