Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2021-36096
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior v...
Otrs Otrs
7.2
CVSSv3
CVE-2023-38056
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X prior to 7.0.45, from ...
Otrs Otrs
4.3
CVSSv3
CVE-2023-38058
An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated malicious user to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X prior to 8.0.35.
Otrs Otrs
5.3
CVSSv3
CVE-2023-38059
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X prior to 7.0.47, from 8.0.X prior to 8.0.37; ((OTRS)) Community Editio...
Otrs Otrs
NA
CVE-2008-1515
The SOAP interface in OTRS 2.1.x prior to 2.1.8 and 2.2.x prior to 2.2.6 allows remote malicious users to "read and modify objects" via SOAP requests, related to "Missing security checks."
Otrs Otrs
8.1
CVSSv3
CVE-2023-2534
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated malicious user to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories...
Otrs Otrs
7.5
CVSSv3
CVE-2019-18180
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote malicious user to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Comm...
Otrs Otrs
6.1
CVSSv3
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X prior to 7.0.42; ((OTRS)) Community Edition: from 6.0.1 up to and in...
Otrs Otrs
7.5
CVSSv3
CVE-2022-3501
Article template contents with sensitive data could be accessed from agents without permissions.
Otrs Otrs
6.5
CVSSv3
CVE-2022-39052
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »