Vulnerabilities
Vulnerable Software
Otrs:  >> Otrs  >> 6.0.0  Security Vulnerabilities
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
CVSS Score
6.8
EPSS Score
0.007
Published
2022-09-05
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
CVSS Score
3.5
EPSS Score
0.005
Published
2022-09-05
Specially crafted string in OTRS system configuration can allow the execution of any system command.
CVSS Score
6.4
EPSS Score
0.013
Published
2022-03-21
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
CVSS Score
5.2
EPSS Score
0.008
Published
2021-07-26
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
CVSS Score
3.5
EPSS Score
0.009
Published
2021-07-26
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
CVSS Score
3.5
EPSS Score
0.007
Published
2021-07-26
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
CVSS Score
6.5
EPSS Score
0.007
Published
2021-07-26
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
CVSS Score
5.7
EPSS Score
0.013
Published
2021-02-08
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
CVSS Score
4.1
EPSS Score
0.006
Published
2020-11-23
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
CVSS Score
3.5
EPSS Score
0.009
Published
2020-07-20


Contact Us

Shodan ® - All rights reserved