CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-21436

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.4%

CVSS Severity

CVSS v3 Score 3.5

CVSS v2 Score 4.0

References

https://otrs.com/release-notes/otrs-security-advisory-2021-04/
https://otrs.com/release-notes/otrs-security-advisory-2021-04/

Products affected by CVE-2021-21436

Otrs » Cis In Customer Frontend » Version: 7.0.0

cpe:2.3:a:otrs:cis_in_customer_frontend:7.0.0
Otrs » Cis In Customer Frontend » Version: 7.0.14

cpe:2.3:a:otrs:cis_in_customer_frontend:7.0.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21436

Products

Pricing

Contact Us