OTRS Security Advisory 2019-01 |
01/18/2019 |
Stored XSS |
CVE-2019-9752 |
LOW |
January 18, 2019 —
Security Advisory Details
- ID: OSA-2019-01
- Date: 2019-01-18
- Title: Stored XSS
- Severity: 3.2 low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.4, OTRS 6.0.16, OTRS 5.0.34
|
OTRS Security Advisory 2019-02 |
03/01/2019 |
XSS |
CVE-2019-9751 |
LOW |
March 01, 2019 —
Security Advisory Details
- ID: OSA-2019-02
- Date: 2019-03-01
- Title: XSS
- Severity: 3.2 low
- Product: OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 7.0.5, OTRS 6.0.17
- FULL CVSS v3 VECTOR: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S
|
OTRS Security Advisory 2019-03 |
03/08/2019 |
Information Disclosure |
CVE-2019-9753 |
LOW |
March 08, 2019 —
Security Advisory Details
- ID: OSA-2019-03
- Date: 2019-03-08
- Title: Information Disclosure
- Severity: 3.1 low
- Product: OTRS 7.0.x, ITSMConfigurationManagement 7.0.x
- Fixed in: OTRS 7.0.5, ITSMConfigurationManagement 7.0.
|
OTRS Security Advisory 2019-04 |
04/26/2019 |
XXE Processing |
CVE-2019-9892 |
MEDIUM |
April 26, 2019 —
Security Advisory Details
- ID: OSA-2019-04
- Date: 2019-04-26
- Title: XXE Processing
- Severity: 6.1 medium
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.7, OTRS 6.0.18, OTRS 5.0.35
- FULL CVSS v3
|
OTRS Security Advisory 2019-05 |
04/26/2019 |
Reflected and Stored XSS |
CVE-2019-10067 |
LOW |
April 26, 2019 —
Security Advisory Details
- ID: OSA-2019-05
- Date: 2019-04-26
- Title: Reflected and Stored XSS
- Severity: 3.1 low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.7, OTRS 6.0.18, OTRS 5.0.35
- FULL
|
OTRS Security Advisory 2019-06 |
04/26/2019 |
Stored XSS |
CVE-2019-10066 |
LOW |
April 26, 2019 —
Security Advisory Details
- ID: OSA-2019-06
- Date: 2019-04-26
- Title: Stored XSS
- Severity: 3.7 low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRSAppointmentCalendar 5.0.x
- Fixed in: OTRS 7.0.7, OTRS 6.0.18, OTRSAppointmentCalendar
|
OTRS Security Advisory 2019-07 |
04/26/2019 |
Information Disclosure |
CVE-2019-10065 |
LOW |
April 26, 2019 —
Security Advisory Details
- ID: OSA-2019-07
- Date: 2019-04-26
- Title: Information Disclosure
- Severity: 3.1 low
- Product: OTRS 7.0.x
- Fixed in: OTRS 7.0.7
- FULL CVSS v3 VECTOR: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:
|
OTRS Security Advisory 2019-08 |
05/31/2019 |
Loading External Image Resources |
CVE-2019-12248 |
LOW |
May 31, 2019 —
Security Advisory Details
- ID: OSA-2019-08
- Date: 2019-05-31
- Title: Loading External Image Resources
- Severity: 3.5 low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.8, OTRS 6.0.19, OTRS 5.0.36
|
OTRS Security Advisory 2019-09 |
05/31/2019 |
Information Disclosure |
CVE-2019-12497 |
LOW |
May 31, 2019 —
Security Advisory Details
- ID: OSA-2019-09
- Date: 2019-05-31
- Title: Information Disclosure
- Severity: 2.8 low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.8, OTRS 6.0.19, OTRS 5.0.36
- FULL CVS
|
OTRS Security Advisory 2019-10 |
07/12/2019 |
Information Disclosure |
CVE-2019-12746 |
LOW |
July 12, 2019 —
Security Advisory Details
- ID: OSA-2019-10
- Date: 2019-07-12
- Title: Information Disclosure
- Severity: 3.1 low
- Product: OTRS 6.0.x, OTRSBusiness 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 6.0.20, OTRSBusiness 6.0.21, OTRS 5.0.37
|
OTRS Security Advisory 2019-11 |
07/12/2019 |
Information Disclosure |
CVE-2019-13457 |
LOW |
July 12, 2019 —
Security Advisory Details
- ID: OSA-2019-11
- Date: 2019-07-12
- Title: Information Disclosure
- Severity: 3.8 low
- Product: OTRS 7.0.x
- Fixed in: OTRS 7.0.9
- FULL CVSS v3 VECTOR: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L
|
OTRS Security Advisory 2019-12 |
07/12/2019 |
Information Disclosure |
CVE-2019-13458 |
LOW |
July 12, 2019 —
Security Advisory Details
- ID: OSA-2019-12
- Date: 2019-07-12
- Title: Information Disclosure
- Severity: 2.4 low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.9, OTRS 6.0.20, OTRS 5.0.37
- FULL CV
|
OTRS Security Advisory 2019-13 |
10/04/2019 |
Stored XSS |
CVE-2019-16375 |
LOW |
October 04, 2019 —
Security Advisory Details
- ID: OSA-2019-13
- Date: 2019-09-03
- Title: Stored XSS
- Severity: 3.2 Low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.12, OTRS 6.0.23, OTRS 5.0.38
- FULL CVSS v3 VEC
|
OTRS Security Advisory 2019-14 |
11/15/2019 |
Information Disclosure |
CVE-2019-18179 |
LOW |
November 15, 2019 —
Security Advisory Details
- ID: OSA-2019-14
- Date: 2019-11-15
- Title: Information Disclosure
- Severity: Low
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.13, OTRS 6.0.24, OTRS 5.0.39
- FULL CV
|
OTRS Security Advisory 2019-15 |
11/15/2019 |
Denial of service |
CVE-2019-18180 |
MEDIUM |
November 15, 2019 —
Security Advisory Details
- ID: OSA-2019-15
- Date: 2019-11-15
- Title: Denial of service
- Severity: Medium
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.13, OTRS 6.0.24, OTRS 5.0.39
- FULL CVSS
|
OTRS Security Advisory 2020-01 |
01/10/2020 |
Spoofing of From field in several screens |
CVE-2020-1765 |
LOW |
January 10, 2020 —
Security Advisory Details
- ID: OSA-2020-01
- Date: 2020-01-10
- Title: Spoofing of From field in several screens
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, ((OTRS)) Community Edition 6.0.x, ((OTRS)) Community Edition 5.0.x
- Fixed in: OTRS 7.0.14, ((OTRS)) Com
|
OTRS Security Advisory 2020-02 |
01/10/2020 |
Improper handling of uploaded inline images |
CVE-2020-1766 |
LOW |
January 10, 2020 —
Security Advisory Details
- ID: OSA-2020-02
- Date: 2020-01-10
- Title: Improper handling of uploaded inline images
- Severity: 2.0 LOW
- Product: OTRS 7.0.x, ((OTRS)) Community Edition 6.0.x, ((OTRS)) Community Edition 5.0.x
- Fixed in: OTRS 7.0.14, ((OTRS)) Co
|
OTRS Security Advisory 2020-03 |
01/10/2020 |
Possible to send drafted messages as wrong agent |
CVE-2020-1767 |
LOW |
January 10, 2020 —
- ID: OSA-2020-03
- Date: 2020-01-10
- Title: Possible to send drafted messages as wrong agent
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 7.0.14, OTRS 6.0.25
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/
|
OTRS Security Advisory 2020-04 |
02/07/2020 |
External interface does not invalidate user session |
CVE-2020-1768 |
MEDIUM |
February 07, 2020 —
- Title: External interface does not invalidate user session
- Severity: Medium
|
OTRS Security Advisory 2020-05 |
02/07/2020 |
Vulnerability in third-party library - jquery |
CVE-2019-11358 |
MEDIUM |
February 07, 2020 —
- ID: OSA-2020-05
- Date: 2020-02-07
- Title: Vulnerability in third-party library - jquery
- Severity: Medium
- Product: OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 7.0.15, OTRS 6.0.26
- FULL CVSS v3.0 VECTOR: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- References: CV
|
OTRS Security Advisory 2020-06 |
03/27/2020 |
Autocomplete in the form login screens |
CVE-2020-1769 |
LOW |
March 27, 2020 —
- ID: OSA-2020-06
- Date: 2020-03-27
- Title: Autocomplete in the form login screens
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.16, OTRS 6.0.27, OTRS 5.0.42
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/U
|
OTRS Security Advisory 2020-07 |
03/27/2020 |
Information disclosure in support bundle files |
CVE-2020-1770 |
LOW |
March 27, 2020 —
- ID: OSA-2020-07
- Date: 2020-03-27
- Title: Information disclosure in support bundle files
- Severity: 2.4 LOW
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.16, OTRS 6.0.27, OTRS 5.0.42
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L
|
OTRS Security Advisory 2020-08 |
03/27/2020 |
Possible XSS in Customer user address book |
CVE-2020-1771 |
MEDIUM |
March 27, 2020 —
- ID: OSA-2020-08
- Date: 2020-03-27
- Title: Possible XSS in Customer user address book
- Severity: 4.6 MEDIUM
- Product: OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 7.0.16, OTRS 6.0.27
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:
|
OTRS Security Advisory 2020-09 |
03/27/2020 |
Information Disclosure |
CVE-2020-1772 |
MEDIUM |
March 27, 2020 —
- ID: OSA-2020-09
- Date: 2020-03-27
- Title: Information Disclosure
- Severity: 6.5 MEDIUM
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.16, OTRS 6.0.27, 5.0.42
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:
|
OTRS Security Advisory 2020-10 |
03/27/2020 |
Session / Password token leak |
CVE-2020-1773 |
HIGH |
March 27, 2020 —
- ID: OSA-2020-10
- Date: 2020-03-27
- Title: Session / Password token leak
- Severity: 7.3 HIGH
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.16, OTRS 6.0.27, 5.0.42
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I
|
OTRS Security Advisory 2020-11 |
04/27/2020 |
Information disclosure |
CVE-2020-1774 |
MEDIUM |
April 27, 2020 —
- ID: OSA-2020-11
- Date: 2020-04-24
- Title: Information disclosure
- Severity: 4.5 MEDIUM
- Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
- Fixed in: OTRS 7.0.17, OTRS 6.0.28
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
|
OTRS Security Advisory 2020-12 |
06/08/2020 |
Information disclosure |
CVE-2020-1775 |
LOW |
June 08, 2020 —
- ID: OSA-2020-12
- Date: 2020-06-08
- Title: Information disclosure
- Severity: 3.5 LOW
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 7.0.18, OTRS 8.0.4
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- References
|
OTRS Security Advisory 2020-13 |
07/20/2020 |
Invalidating or changing user does not invalidate session |
CVE-2020-1776 |
LOW |
July 20, 2020 —
- ID: OSA-2020-13
- Date: 2020-07-20
- Title: Invalidating or changing user does not invalidate session
- Severity: 3.5 LOW
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 8.0.5, OTRS 7.0.19, OTRS 6.0.29
- FULL CVSS VECTOR: CVSS:3.1/
|
OTRS Security Advisory 2020-14 |
10/12/2020 |
Vulnerability in third-party library - jquery |
CVE-2020-11023, CVE-2020-11022 |
MEDIUM |
October 12, 2020 —
- ID: OSA-2020-14
- Date: 2020-10-12
- Title: Vulnerability in third-party library - jquery
- Severity: 6.3 MEDIUM, 6.5 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 8.0.7, OTRS 7.0.22, OTRS 6.0.30
- FULL CVSS VECTOR: CV
|
OTRS Security Advisory 2020-15 |
10/12/2020 |
Agent names disclosed in chat feature. |
CVE-2020-1777 |
MEDIUM |
October 12, 2020 —
- ID: OSA-2020-15
- Date: 2020-10-12
- Title: Agent names disclosed in chat feature.
- Severity: 4.3 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.7, OTRS 7.0.22
- FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
OTRS Security Advisory 2020-16 |
11/23/2020 |
Bypassing user account validation |
CVE-2020-1778 |
MEDIUM |
November 23, 2020 —
- ID: OSA-2020-16
- Date: 2020-11-23
- Title: Bypassing user account validation
- Severity: Medium
- Product: OTRS 8.0.9
- Fixed in: OTRS 8.0.10
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
- References: CVE-
|
Attention! Maximum security risk with OTRS 4 and OTRS 5! |
12/23/2020 |
|
|
HIGH |
Please read carefully and check if the version of your OTRS system is affected.
Please be aware that OTRS 4 / OTRS 5 contain several severe security vulnerabilities, which could lead to GDPR-related resource claims against you when used. This release has reached end of life and support, and there have been no further security updates since MAR 27th, 2020.
Product Affected:
- OTRS 4, OTRS 5
- ((OTRS)) Community Edition 4, ((OTRS)) Community Edition 5
|
Attention! Security risk with OTRS 6! |
12/23/2020 |
|
|
HIGH |
Please read carefully and check if the version of your OTRS system is affected.
OTRS 6 has reached end of life and there will be no further security updates after JAN 1st, 2021.
We want to point out that using the software exposes you to a high security risk!
Product Affected:
- OTRS 6
- ((OTRS)) Community Edition 6
|
OTRS Security Advisory 2021-01 |
02/08/2021 |
XSS |
CVE-2021-21434 |
LOW |
- ID: OSA-2021-01
- Date: 2021-02-08
- Title: XSS
- Severity: 3.5 LOW
- Product: Survey 7.0.x, Survey 6.0.x
- Fixed in: Survey 7.0.20
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
- References: CVE-2021-21434
|
OTRS Security Advisory 2021-02 |
02/08/2021 |
Information exposure in PDF export |
CVE-2021-21435 |
MEDIUM |
- ID: OSA-2021-02
- Date: 2021-02-08
- Title: Information exposure in PDF export
- Severity: 5.7 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 8.0.11, OTRS 7.0.24
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
OTRS Security Advisory 2021-03 |
02/08/2021 |
Dynamic templates reveal sensitive data when OTRS tags are used |
CVE-2020-1779 |
MEDIUM |
- ID: OSA-2021-03
- Date: 2021-02-08
- Title: Dynamic templates reveal sensitive data when OTRS tags are used
- Severity: 4.3 MEDIUM
- Product: OTRSTicketForms 6.0.40, OTRSTicketForms 7.0.29 and OTRSTicketForms 8.0.3
- Fixed in: OTRSTicketForms 7.0.30 and OTRSTicketForms
|
OTRS Security Advisory 2021-04 |
02/08/2021 |
Agent is able to link customer's Config Items without permission |
CVE-2021-21436 |
LOW |
- ID: OSA-2021-04
- Date: 2021-02-08
- Title: Agent is able to link customer's Config Items without permission
- Severity: 3.5 LOW
- Product: OTRSCIsInCustomerFrontend 7.0.14
- Fixed in: OTRSCIsInCustomerFrontend 7.0.15
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L
|
OTRS Security Advisory 2021-05 |
02/08/2021 |
Several Vulnerabilities in CKEditor |
CVE-2018-17960 |
MEDIUM |
- ID: OSA-2021-05
- Date: 2021-02-08
- Title: Several Vulnerabilities in CKEditor
- Severity: 5.5 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 8.0.11, OTRS 7.0.24
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
|
OTRS Security Advisory 2021-06 |
03/22/2021 |
ReDoS vulnerability in thirdparty library (jquery-validate) |
CVE-2021-21252 |
MEDIUM |
- ID: OSA-2021-06
- Date: 2021-03-22
- Title: ReDoS vulnerability in thirdparty library (jquery-validate)
- Severity: 5.3 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 8.0.12, OTRS 7.0.25
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI
|
OTRS Security Advisory 2021-07 |
03/22/2021 |
Config Items are shown to users without permission |
CVE-2021-21437 |
LOW |
- ID: OSA-2021-07
- Date: 2021-03-22
- Title: Config Items are shown to users without permission
- Severity: 3.5 LOW
- Product: ITSMConfigurationManagement 7.0.24 and OTRSCIsInCustomerFrontend 7.0.15
- Fixed in: ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFront
|
OTRS Security Advisory 2021-08 |
03/22/2021 |
FAQ articles are shown to users without permission |
CVE-2021-21438 |
LOW |
- ID: OSA-2021-08
- Date: 2021-03-22
- Title: FAQ articles are shown to users without permission
- Severity: 3.5 LOW
- Product: OTRS 7.0.24, and FAQ 6.0.29
- Fixed in: OTRS 7.0.25
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- R
|
OTRS Security Advisory 2021-09 |
06/14/2021 |
Possible DoS attack using a special crafted URL in email body |
CVE-2021-21439 |
MEDIUM |
- ID: OSA-2021-09
- Date: 2021-06-14
- Title: Possible DoS attack using a special crafted URL in email body
- Severity: 6.5 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x,
- Fixed in: OTRS 8.0.14, OTRS 7.0.27
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:
|
OTRS Security Advisory 2021-11 |
06/16/2021 |
XSS in the ticket overview screens |
CVE-2021-21441 |
HIGH |
- ID: OSA-2021-11
- Date: 2021-06-16
- Title: XSS in the ticket overview screens
- Severity: 7.5 HIGH
- Product: OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 7.0.27
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- References: CVE-2021-
|
OTRS Security Advisory 2021-10 |
07/26/2021 |
Support Bundle includes S/Mime and PGP keys and secrets |
CVE-2021-21440, CVE-2021-36096 |
MEDIUM |
- ID: OSA-2021-10
- Date: 2021-07-26 (initial), 2021-09-06 (update)
- Title: Support Bundle includes S/Mime and PGP keys and secrets
- Severity: 5.2 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.16, OTRS 7.0.29
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV
|
OTRS Security Advisory 2021-12 |
07/26/2021 |
Accounting |
CVE-2021-21442 |
MEDIUM |
- ID: OSA-2021-12
- Date: 2021-07-26
- Title: XSS vulnerability in Time Accounting
- Severity: 4.5 MEDIUM
- Product: TimeAccounting 7.0.x
- Fixed in: TimeAccounting 7.0.20
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
- Referenc
|
OTRS Security Advisory 2021-13 |
07/26/2021 |
Unauthorized listing of the customer user emails |
CVE-2021-21443 |
LOW |
- ID: OSA-2021-13
- Date: 2021-07-26
- Title: Unauthorized listing of the customer user emails
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS 6.0.x,
- Fixed in: OTRS 7.0.28
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- Referenc
|
OTRS Security Advisory 2021-14 |
07/26/2021 |
Unauthorized access to the calendar appointments |
CVE-2021-36091 |
LOW |
- ID: OSA-2021-14
- Date: 2021-07-26
- Title: Unauthorized access to the calendar appointments
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 7.0.28
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- Reference
|
OTRS Security Advisory 2021-15 |
07/26/2021 |
XSS attack using special link in email |
CVE-2021-36092 |
MEDIUM |
- ID: OSA-2021-15
- Date: 2021-07-26
- Title: XSS attack using special link in email
- Severity: 6.5 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
- Fixed in: OTRS 8.0.15, OTRS 7.0.28
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
OTRS Security Advisory 2021-16 |
09/06/2021 |
DoS attack using PostMaster filters |
CVE-2021-36093 |
MEDIUM |
- ID: OSA-2021-16
- Date: 2021-09-06
- Title: DoS attack using PostMaster filters
- Severity: 5.3 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.16, OTRS 7.0.29
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Refer
|
OTRS Security Advisory 2021-17 |
09/06/2021 |
XSS attack in appointment edit popup screen |
CVE-2021-36094 |
MEDIUM |
- ID: OSA-2021-17
- Date: 2021-09-06
- Title: XSS attack in appointment edit popup screen
- Severity: 5.7 MEDIUM
- Product: OTRS 7.0.x
- Fixed in: OTRS 7.0.29
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
- References: CVE-2021-
|
OTRS Security Advisory 2021-18 |
09/06/2021 |
User enumeration issue using "lost password" feature |
CVE-2021-36095 |
MEDIUM |
- ID: OSA-2021-18
- Date: 2021-09-06
- Title: User enumeration issue using "lost password" feature
- Severity: 5.3 MEDIUM
- Product: OTRS 7.0.x
- Fixed in: OTRS 7.0.29
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- References: C
|
OTRS Security Advisory 2021-19 |
10/18/2021 |
Regular Expression Denial of Service in postcss |
CVE-2021-23368 |
MEDIUM |
- ID: OSA-2021-19
- Date: 2021-10-18
- Title: Regular Expression Denial of Service in postcss
- Severity: 5.3 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.17, OTRS 7.0.30
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
OTRS Security Advisory 2021-20 |
10/18/2021 |
Agents are able to lock the ticket without the "Owner" permission |
CVE-2021-36097 |
LOW |
- ID: OSA-2021-20
- Date: 2021-10-18
- Title: Agents are able to lock the ticket without the "Owner" permission
- Severity: 3.5 LOW
- Product: OTRS 8.0.x
- Fixed in: OTRS 8.0.17
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- Ref
|
OTRS Security Advisory 2022-01 |
02/07/2022 |
Dynamic field error message is vulnerable to XSS |
CVE-2022-0473 |
LOW |
- ID: OSA-2022-01
- Date: 2021-02-07
- Title: Dynamic field error message is vulnerable to XSS
- Severity: 3.8 LOW
- Product: OTRS 7.0.x
- Fixed in: OTRS 7.0.32
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
- References: CVE-2022
|
OTRS Security Advisory 2022-02 |
02/07/2022 |
Disclosure of mail addresses |
CVE-2022-0474 |
LOW |
- ID: OSA-2022-02
- Date: 2022-02-07
- Title: Disclosure of mail addresses
- Severity: 2.4 LOW
- Product: OTRSCustomContactFields 8.0.x,
- Fixed in: OTRS 8.0.12
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
- References: CVE-2022
|
OTRS Security Advisory 2022-04 |
02/07/2022 |
Several vulnerabilities in third-party npm modules |
CVE-2021-3803 / CVE-2021-3807 / CVE-2021-23368 |
MEDIUM |
- ID: OSA-2022-04
- Date: 2022-02-07
- Title: Several vulnerabilities in third-party npm modules
- Severity: 5.8 MEDIUM
- Product: OTRS 8.0.x
- Fixed in: OTRS 8.0.19
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
- References: CVE
|
OTRS Security Advisory 2022-03 |
03/21/2022 |
Authenticated remote code execution |
CVE-2021-36100 |
MEDIUM |
- ID: OSA-2022-03
- Date: 2022-03-21
- Title: Authenticated remote code execution
- Severity: 6.4 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRSSTORM 8.0.x, OTRSSTORM 7.0.x, OTRSSTORM 6.0.x, SystemMonitoring 8.0.x, SystemMonitoring 7.0.x, SystemMonitoring 6.0.x, ((OTRS)) Community E
|
OTRS Security Advisory 2022-05 |
03/21/2022 |
Possible XSS attack via translation |
CVE-2022-0475 |
LOW |
- ID: OSA-2022-05
- Date: 2022-03-21
- Title: Possible XSS attack via translation
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.33, OTRS 8.0.20
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
- Referenc
|
OTRS Security Advisory 2022-06 |
03/21/2022 |
Information disclosure in the External Interface |
CVE-2022-1004 |
MEDIUM |
- ID: OSA-2022-06
- Date: 2022-03-21
- Title: Information disclosure in the External Interface
- Severity: 4.3 MEDIUM
- Product: OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.33, OTRS 8.0.20
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
OTRS Security Advisory 2022-07 |
06/13/2022 |
OTRS version number is always in the exported ICS files |
CVE-2022-32739 |
LOW |
- ID: OSA-2022-07
- Date: 2022-06-13
- Title: OTRS version number is always in the exported ICS files
- Severity: 3.5 LOW
- Product: OTRS 8.0.x, OTRS 7.0.x, OTRSCalendarResourcePlanning 8.0.x, OTRSCalendarResourcePlanning 7.0.x.
- Fixed in: OTRS 8.0.23, OTRS 7.0.35, OTRSC
|
OTRS Security Advisory 2022-08 |
06/13/2022 |
Information disclosure in the External Interface |
CVE-2022-32740 |
LOW |
- ID: OSA-2022-08
- Date: 2022-06-13
- Title: Information disclosure in the External Interface
- Severity: 3.5 LOW
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.23, OTRS 7.0.35,
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
|
OTRS Security Advisory 2022-09 |
06/13/2022 |
Information disclosure in Request New Password feature |
CVE-2022-32741 |
MEDIUM |
- ID: OSA-2022-09
- Date: 2022-06-13
- Title: Information disclosure in Request New Password feature
- Severity: 5.3 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.23, OTRS 7.0.35,
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/
|
OTRS Security Advisory 2022-10 |
09/05/2022 |
Possible XSS in Admin Interface |
CVE-2022-39049 |
LOW |
- ID: OSA-2022-10
- Date: 2022-09-05
- Title: Possible XSS in Admin Interface
- Severity: 3.5 LOW
- Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.37, OTRS 8.0.25
- FULL CVSS v3.1 VECTOR:
|
OTRS Security Advisory 2022-11 |
09/05/2022 |
Possible XSS stored in customer information |
CVE-2022-39050 |
MEDIUM |
- ID: OSA-2022-11
- Date: 2022-09-05
- Title: Possible XSS stored in customer information
- Severity: 4.6 MEDIUM
- Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.37, OTRS 8.0.25
- FULL CVSS v3.1 VECTOR:
|
OTRS Security Advisory 2022-12 |
09/05/2022 |
Perl Code execution in Template Toolkit |
CVE-2022-39051 |
MEDIUM |
- ID: OSA-2022-12
- Date: 2022-09-05
- Title: Perl Code execution in Template Toolkit
- Severity: 6.8 MEDIUM
- Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 8.0.25, OTRS 7.0.37,
- FULL CVSS v3.1 VECTOR:
|
OTRS Security Advisory 2022-13 |
10/17/2022 |
DoS attack using email |
CVE-2022-39052 |
HIGH |
- ID: OSA-2022-13
- Date: 2022-10-17
- Title: DoS attack using email
- Severity: 7.5 HIGH
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.26, OTRS 7.0.39,
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- References: CVE-202
|
OTRS Security Advisory 2022-14 |
10/17/2022 |
Information exposure of template content due to missing check of permissions |
CVE-2022-3501 |
LOW |
- ID: OSA-2022-14
- Date: 2022-10-17
- Title: Information exposure of template content due to missing check of permissions
- Severity: 3.5 LOW
- Product: OTRS 8.0.x
- Fixed in: OTRS 8.0.26
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:
|
OTRS Security Advisory 2022-15 |
12/19/2022 |
Improper Input Validation vulnerability in OTRS and ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice |
CVE-2022-4427 |
MEDIUM |
- ID: OSA-2022-15
- Date: 2022-12-19
- Title: SQL Injection via OTRS Search API
- Severity: 6.5 MEDIUM
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.28 Patch 1 or OTRS 7.0.40 Patch 1
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
OTRS Security Advisory 2023-01 |
03/20/2023 |
Possible XSS in Ticket Actions |
CVE-2023-1248 |
MEDIUM |
- ID: OSA-2023-01
- Date: 2023-03-20
- Title: Possible XSS in Ticket Actions
- Severity: 5.4 MEDIUM
- Product: OTRS 7.0.x
- Fixed in: OTRS 7.0.42
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- References: CVE-2023-1248
|
OTRS Security Advisory 2023-02 |
03/20/2023 |
Code execution through ACL creation |
CVE-2023-1250 |
HIGH |
- ID: OSA-2023-02
- Date: 2023-03-20
- Title: Code execution through ACL creation
- Severity: 7.4 HIGH
- Product: OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.42, OTRS 8.0.31
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
- Referen
|
OTRS Security Advisory 2023-03 |
05/08/2023 |
Information disclosure and DoS via websocket push events |
CVE-2023-2534 |
HIGH |
- ID: OSA-2023-03
- Date: 2023-05-08
- Title: Information disclosure and DoS via websocket push events
- Severity: 7.6 HIGH
- Product: OTRS 8.0.x
- Fixed in: OTRS 8.0.32
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
- References:
|
OTRS Security Advisory 2023-04 |
07/24/2023 |
Host header injection by attachments in web service |
CVE-2023-38060 |
MEDIUM |
- ID: OSA-2023-04
- Date: 2023-07-24
- Title: Host header injection by attachments in web service
- Severity: 6.3 MEDIUM
- Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.45, OTRS 8.0.35
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:
|
OTRS Security Advisory 2023-05 |
07/24/2023 |
Code execution via System Configuration |
CVE-2023-38056 |
HIGH |
- ID: OSA-2023-05
- Date: 2023-07-24
- Title: Code execution via System Configuration
- Severity: 7.2 HIGH
- Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.45, OTRS 8.0.35
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
OTRS Security Advisory 2023-06 |
07/24/2023 |
Possible XSS stored in survey answers |
CVE-2023-38057 |
MEDIUM |
- ID: OSA-2023-06
- Date: 2023-07-24
- Title: Possible XSS stored in survey answers
- Severity: 4.1 MEDIUM
- Product: Survey 6.0.x, Survey 7.0.x, Survey 8.0.x
- Fixed in: Survey 7.0.32, Survey 8.0.13
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
- Refe
|
OTRS Security Advisory 2023-07 |
07/24/2023 |
Tickets can be moved without permission |
CVE-2023-38058 |
MEDIUM |
- ID: OSA-2023-07
- Date: 2023-07-24
- Title: Tickets can be moved without permission
- Severity: 4.1 MEDIUM
- Product: OTRS 8.0.x
- Fixed in: OTRS 8.0.35
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
- References: CVE-2023-38058
|
OTRS Security Advisory 2023-08 |
10/16/2023 |
External pictures can be loaded even if not allowed by configuration |
CVE-2023-38059 |
MEDIUM |
- ID: OSA-2023-08
- Date: 2023-10-16
- Title: External pictures can be loaded even if not allowed by configuration
- Severity: 5.3 MEDIUM
- Product: OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.47, OTRS 8.0.37
- CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
OTRS Security Advisory 2023-09 |
10/16/2023 |
Possible XSS execution in customer information |
CVE-2023-5421 |
LOW |
- ID: OSA-2023-09
- Date: 2023-10-16
- Title: Possible XSS execution in customer information
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.47, OTRS 8.0.37
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
|
OTRS Security Advisory 2023-10 |
10/16/2023 |
SSL Certificates are not checked for E-Mail Handling |
CVE-2023-5422 |
HIGH |
- ID: OSA-2023-10
- Date: 2023-10-16
- Title: SSL Certificates are not checked for E-Mail Handling
- Severity: 8.7 HIGH
- Product: OTRS 7.0.x, OTRS 8.0.x
- Fixed in: OTRS 7.0.47, OTRS 8.0.37
- CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- Referen
|
OTRS Security Advisory 2023-11 |
11/27/2023 |
Password is sent back to client |
CVE-2023-6254 |
HIGH |
- ID: OSA-2023-11
- Date: 2023-11-07
- Title: Password is sent back to client
- Severity: 8.1 HIGH
- Product: OTRS 8.0.x
- Fixed in: OTRS 2023.1.1
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- References: CVE-2023-6254
|
OTRS Security Advisory 2024-01 |
01/29/2024 |
Missing file type check in avatar picture upload |
CVE-2024-23790 |
LOW |
- ID: OSA-2024-01
- Date: 2024-01-29
- Title: Missing file type check in avatar picture upload
- Severity: 3.5 LOW
- Product: OTRS 7.0.x, OTRS
- Fixed in: OTRS 7.0.49, OTRS 2024.1.1
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
|
OTRS Security Advisory 2024-02 |
01/29/2024 |
Unnecessary data is written to log if issues during indexing occur |
CVE-2024-23791 |
MEDIUM |
- ID: OSA-2024-02
- Date: 2024-01-29
- Title: Unnecessary data is written to log if issues during indexing occur
- Severity: 4.9 MEDIUM
- Product: OTRS 7.0.x, OTRS
- Fixed in: OTRS 7.0.49, OTRS 2024.1.1
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C
|
OTRS Security Advisory 2024-03 |
01/29/2024 |
Insufficient access control |
CVE-2024-23792 |
MEDIUM |
- ID: OSA-2024-03
- Date: 2024-01-29
- Title: Insufficient access control
- Severity: 5.3 MEDIUM
- Product: OTRS 7.0.x, OTRS
- Fixed in: OTRS 7.0.49, OTRS 2024.1.1
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
- References: CVE-2024-23792
|
OTRS Security Advisory 2024-04 |
01/29/2024 |
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor |
CVE-2021-33829 |
MEDIUM |
- ID: OSA-2024-04
- Date: 2024-01-29
- Title: A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor
- Severity: 6.1 MEDIUM
- Product: OTRS 7.0.x, OTRS, ((OTRS)) Community Edition
- Fixed in: OTRS 7.0.49, OTRS 2024.1.1, OTRSAdvancedEditor 7.0.33,
|
OTRS Security Advisory 2024-05 |
06/03/2024 |
Upload of files outside application directory |
CVE-2024-23793 |
MEDIUM |
- ID: OSA-2024-05
- Date: 2024-06-03
- Title: Possible remote code execution in uploaded filenames
- Severity (CVSS v3.1): 6.3 MEDIUM
- Severity (CVSS v4.0): 6.8 MEDIUM
- Urgency: Moderate
- Products: OTRS, ((OTRS)) Community Edition
- Fixed in: OTRS 7.
|
OTRS Security Advisory 2024-06 |
07/15/2024 |
Agents are able to lock the ticket without the "Owner" permission |
CVE-2024-23794 |
MEDIUM |
- ID: OSA-2024-06
- Date: 2024-07-15
- Title: Agents are able to lock the ticket without the "Owner" permission
- Severity CVSS v3.1: 5.2 MEDIUM
- Severity CVSS v4.0: 5.6 MEDIUM
- Urgency: Reduced
- Product: OTRS
- Fixed in: OTRS 2024.5.2
- CV
|
OTRS Security Advisory 2024-07 |
07/15/2024 |
Information disclosure in external interface |
CVE-2024-6540 |
MEDIUM |
- ID: OSA-2024-07
- Date: 2024-07-15
- Title: Information disclosure in external interface
- Severity CVSS v3.1: 5.7 MEDIUM
- Severity CVSS v4.0: 1.9 LOW
- Urgency: Moderate
- Product: OTRS
- Fixed in: OTRS 2024.5.2
- CVSS VECTOR: CVSS:3.1/AV:
|
OTRS Security Advisory 2024-08 |
07/15/2024 |
OpenSSH: Remote Code Execution |
CVE-2024-6387 |
HIGH |
- ID: OSA-2024-08
- Date: 2024-07-15
- Title: OpenSSH: Remote Code Execution
- Severity CVSS v3.1: 8.1 HIGH
- Urgency: High
- Product: OTRS SaaS platform
- Fixed in: SaaS stack 2024-07
- CVSS VECTOR: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
OTRS Security Advisory 2024-09 |
07/15/2024 |
IKEv1 default AH/ESP responder can crash and restart |
CVE-2024-3652 |
MEDIUM |
- ID: OSA-2024-09
- Date: 2024-07-15
- Title: IKEv1 default AH/ESP responder can crash and restart
- Severity CVSS v3.1: 6.5 MEDIUM
- Urgency: Moderate
- Product: OTRS SaaS platform
- Fixed in: SaaS stack 2024-07
- CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/U
|
OTRS Security Advisory 2024-10 |
08/26/2024 |
Stored XSS in System Configuration |
CVE-2024-43442 |
MEDIUM |
- ID: OSA-2024-10
- Date: 2024-08-26
- Title: Stored XSS in System Configuration
- Severity CVSS v3.1: 4.9 MEDIUM
- Severity CVSS v4.0: 4.8 MEDIUM
- Urgency: Moderate
- Product: OTRS, ((OTRS)) Community Edition
- Fixed in: OTRS 2024.6.1 and OTRS 7.0.51
|
OTRS Security Advisory 2024-11 |
08/26/2024 |
Stored XSS in process management |
CVE-2024-43443 |
MEDIUM |
- ID: OSA-2024-11
- Date: 2024-08-26
- Title: Stored XSS in process management
- Severity CVSS v3.1: 4.9 MEDIUM
- Severity CVSS v4.0: 4.8 MEDIUM
- Urgency: Moderate
- Product: OTRS, ((OTRS)) Community Edition
- Fixed in: OTRS 2024.6.1 and OTRS 7.0.51
|
OTRS Security Advisory 2024-12 |
08/26/2024 |
Passwords are written to Admin Log Module |
CVE-2024-43444 |
HIGH |
- ID: OSA-2024-12
- Date: 2024-08-26
- Title: Passwords are written to Admin Log Module
- Severity CVSS v3.1: 8.2 HIGH
- Severity CVSS v4.0: 8.6 HIGH
- Urgency: LOW
- Product: OTRS, ((OTRS)) Community Edition
- Fixed in: OTRS 2024.6.1 and OTRS 7.0.51
|