Vulnerabilities
Vulnerable Software
Otrs:  >> Otrs  >> 8.0.11  Security Vulnerabilities
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
CVSS Score
4.3
EPSS Score
0.006
Published
2022-03-21
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
CVSS Score
3.5
EPSS Score
0.005
Published
2021-10-18
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
CVSS Score
5.2
EPSS Score
0.008
Published
2021-07-26
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
CVSS Score
6.5
EPSS Score
0.007
Published
2021-07-26
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
CVSS Score
6.5
EPSS Score
0.01
Published
2021-06-14
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.017
Published
2011-07-19


Contact Us

Shodan ® - All rights reserved