Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
5.4
CVSSv3
CVE-2019-10066
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6, Community Edition 6.0.x up to and including 6.0.17, and OTRSAppointmentCalendar 5.0.x up to and including 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may c...
Otrs Otrs
6.5
CVSSv3
CVE-2021-21435
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
Otrs Otrs
6.5
CVSSv3
CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior v...
Otrs Otrs
7.5
CVSSv3
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intracti...
Otrs Otrs
4.3
CVSSv3
CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions before 7.0.27.
Otrs Otrs
NA
CVE-2008-1515
The SOAP interface in OTRS 2.1.x prior to 2.1.8 and 2.2.x prior to 2.2.6 allows remote malicious users to "read and modify objects" via SOAP requests, related to "Missing security checks."
Otrs Otrs
4.8
CVSSv3
CVE-2019-9751
An issue exists in Open Ticket Request System (OTRS) 6.x prior to 6.0.17 and 7.x prior to 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document...
Otrs Otrs
8.1
CVSSv3
CVE-2023-2534
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated malicious user to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories...
Otrs Otrs
5.4
CVSSv3
CVE-2019-10067
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6 and Community Edition 5.0.x up to and including 5.0.35 and 6.0.x up to and including 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL...
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »