Security Advisories
Subscribe to the "announcement" mailing list to stay up-to-date about releases and security updates.
Release name | Release date | Title | References | Risk level | Details |
---|---|---|---|---|---|
OTRS Security Advisory 2019-01 | 01/18/2019 | Stored XSS | CVE-2019-9752 | LOW | |
OTRS Security Advisory 2019-02 | 03/01/2019 | XSS | CVE-2019-9751 | LOW | |
OTRS Security Advisory 2019-03 | 03/08/2019 | Information Disclosure | CVE-2019-9753 | LOW | |
OTRS Security Advisory 2019-04 | 04/26/2019 | XXE Processing | CVE-2019-9892 | MEDIUM | |
OTRS Security Advisory 2019-05 | 04/26/2019 | Reflected and Stored XSS | CVE-2019-10067 | LOW | |
OTRS Security Advisory 2019-06 | 04/26/2019 | Stored XSS | CVE-2019-10066 | LOW | |
OTRS Security Advisory 2019-07 | 04/26/2019 | Information Disclosure | CVE-2019-10065 | LOW | |
OTRS Security Advisory 2019-08 | 05/31/2019 | Loading External Image Resources | CVE-2019-12248 | LOW | |
OTRS Security Advisory 2019-09 | 05/31/2019 | Information Disclosure | CVE-2019-12497 | LOW | |
OTRS Security Advisory 2019-10 | 07/12/2019 | Information Disclosure | CVE-2019-12746 | LOW | |
OTRS Security Advisory 2019-11 | 07/12/2019 | Information Disclosure | CVE-2019-13457 | LOW | |
OTRS Security Advisory 2019-12 | 07/12/2019 | Information Disclosure | CVE-2019-13458 | LOW | |
OTRS Security Advisory 2019-13 | 10/04/2019 | Stored XSS | CVE-2019-16375 | LOW | |
OTRS Security Advisory 2019-14 | 11/15/2019 | Information Disclosure | CVE-2019-18179 | LOW | |
OTRS Security Advisory 2019-15 | 11/15/2019 | Denial of service | CVE-2019-18180 | MEDIUM | |
OTRS Security Advisory 2020-01 | 01/10/2020 | Spoofing of From field in several screens | CVE-2020-1765 | LOW | |
OTRS Security Advisory 2020-02 | 01/10/2020 | Improper handling of uploaded inline images | CVE-2020-1766 | LOW | |
OTRS Security Advisory 2020-03 | 01/10/2020 | Possible to send drafted messages as wrong agent | CVE-2020-1767 | LOW | |
OTRS Security Advisory 2020-04 | 02/07/2020 | External interface does not invalidate user session | CVE-2020-1768 | MEDIUM | |
OTRS Security Advisory 2020-05 | 02/07/2020 | Vulnerability in third-party library - jquery | CVE-2019-11358 | MEDIUM | |
OTRS Security Advisory 2020-06 | 03/27/2020 | Autocomplete in the form login screens | CVE-2020-1769 | LOW | |
OTRS Security Advisory 2020-07 | 03/27/2020 | Information disclosure in support bundle files | CVE-2020-1770 | LOW | |
OTRS Security Advisory 2020-08 | 03/27/2020 | Possible XSS in Customer user address book | CVE-2020-1771 | MEDIUM | |
OTRS Security Advisory 2020-09 | 03/27/2020 | Information Disclosure | CVE-2020-1772 | MEDIUM | |
OTRS Security Advisory 2020-10 | 03/27/2020 | Session / Password token leak | CVE-2020-1773 | HIGH | |
OTRS Security Advisory 2020-11 | 04/27/2020 | Information disclosure | CVE-2020-1774 | MEDIUM | |
OTRS Security Advisory 2020-12 | 06/08/2020 | Information disclosure | CVE-2020-1775 | LOW | |
OTRS Security Advisory 2020-13 | 07/20/2020 | Invalidating or changing user does not invalidate session | CVE-2020-1776 | LOW | |
OTRS Security Advisory 2020-14 | 10/12/2020 | Vulnerability in third-party library - jquery | CVE-2020-11023, CVE-2020-11022 | MEDIUM | |
OTRS Security Advisory 2020-15 | 10/12/2020 | Agent names disclosed in chat feature. | CVE-2020-1777 | MEDIUM | |
OTRS Security Advisory 2020-16 | 11/23/2020 | Bypassing user account validation | CVE-2020-1778 | MEDIUM | |
Attention! Maximum security risk with OTRS 4 and OTRS 5! | 12/23/2020 | | | HIGH | Please read carefully and check if the version of your OTRS system is affected. Please be aware that OTRS 4 / OTRS 5 contains several severe security vulnerabilities, which could lead to GDPR-related resource claims for you when used. This release reached end of life and support, and there have been no further security updates since MAR 27th, 2020. |
Attention! Security risk with OTRS 6! | 12/23/2020 | | | HIGH | Please read carefully and check if the version of your OTRS system is affected. OTRS 6 has reached end of life and there will be no further security updates after JAN 1st, 2021. We want to point out that using the software exposes you to a high security risk! |
OTRS Security Advisory 2021-01 | 02/08/2021 | XSS | CVE-2021-21434 | LOW | |
OTRS Security Advisory 2021-02 | 02/08/2021 | Information exposure in PDF export | CVE-2021-21435 | MEDIUM | |
OTRS Security Advisory 2021-03 | 02/08/2021 | Dynamic templates reveal sensitive data when OTRS tags are used | CVE-2020-1779 | MEDIUM | |
OTRS Security Advisory 2021-04 | 02/08/2021 | Agent is able to link customer's Config Items without permission | CVE-2021-21436 | LOW | |
OTRS Security Advisory 2021-05 | 02/08/2021 | Several Vulnerabilities in CKEditor | CVE-2018-17960 | MEDIUM | |
OTRS Security Advisory 2021-06 | 03/22/2021 | ReDoS vulnerability in third-party library (jquery-validate) | CVE-2021-21252 | MEDIUM | |
OTRS Security Advisory 2021-07 | 03/22/2021 | Config Items are shown to users without permission | CVE-2021-21437 | LOW | |
OTRS Security Advisory 2021-08 | 03/22/2021 | FAQ articles are shown to users without permission | CVE-2021-21438 | LOW | |
OTRS Security Advisory 2021-09 | 06/14/2021 | Possible DoS attack using a specially crafted URL in email body | CVE-2021-21439 | MEDIUM | |
OTRS Security Advisory 2021-11 | 06/16/2021 | XSS in the ticket overview screens | CVE-2021-21441 | HIGH | |
OTRS Security Advisory 2021-10 | 07/26/2021 | Support Bundle includes S/Mime and PGP keys and secrets | CVE-2021-21440, CVE-2021-36096 | MEDIUM | |
OTRS Security Advisory 2021-12 | 07/26/2021 | Accounting | CVE-2021-21442 | MEDIUM | |
OTRS Security Advisory 2021-13 | 07/26/2021 | Unauthorized listing of the customer user emails | CVE-2021-21443 | LOW | |
OTRS Security Advisory 2021-14 | 07/26/2021 | Unauthorized access to the calendar appointments | CVE-2021-36091 | LOW | |
OTRS Security Advisory 2021-15 | 07/26/2021 | XSS attack using special link in email | CVE-2021-36092 | MEDIUM | |
OTRS Security Advisory 2021-16 | 09/06/2021 | DoS attack using PostMaster filters | CVE-2021-36093 | MEDIUM | |
OTRS Security Advisory 2021-17 | 09/06/2021 | XSS attack in appointment edit popup screen | CVE-2021-36094 | MEDIUM | |
OTRS Security Advisory 2021-18 | 09/06/2021 | User enumeration issue using "lost password" feature | CVE-2021-36095 | MEDIUM | |
OTRS Security Advisory 2021-19 | 10/18/2021 | Regular Expression Denial of Service in postcss | CVE-2021-23368 | MEDIUM | |
OTRS Security Advisory 2021-20 | 10/18/2021 | Agents are able to lock the ticket without the "Owner" permission | CVE-2021-36097 | LOW | |
OTRS Security Advisory 2022-01 | 02/07/2022 | Dynamic field error message is vulnerable to XSS | CVE-2022-0473 | LOW | |
OTRS Security Advisory 2022-02 | 02/07/2022 | Disclosure of mail addresses | CVE-2022-0474 | LOW | |
OTRS Security Advisory 2022-04 | 02/07/2022 | Several vulnerabilities in third-party npm modules | CVE-2021-3803 / CVE-2021-3807 / CVE-2021-23368 | MEDIUM | |
OTRS Security Advisory 2022-03 | 03/21/2022 | Authenticated remote code execution | CVE-2021-36100 | MEDIUM | |
OTRS Security Advisory 2022-05 | 03/21/2022 | Possible XSS attack via translation | CVE-2022-0475 | LOW | |
OTRS Security Advisory 2022-06 | 03/21/2022 | Information disclosure in the External Interface | CVE-2022-1004 | MEDIUM | |
OTRS Security Advisory 2022-07 | 06/13/2022 | OTRS version number is always in the exported ICS files | CVE-2022-32739 | LOW | |
OTRS Security Advisory 2022-08 | 06/13/2022 | Information disclosure in the External Interface | CVE-2022-32740 | LOW | |
OTRS Security Advisory 2022-09 | 06/13/2022 | Information disclosure in Request New Password feature | CVE-2022-32741 | MEDIUM | |
OTRS Security Advisory 2022-10 | 09/05/2022 | Possible XSS in Admin Interface | CVE-2022-39049 | LOW | |
OTRS Security Advisory 2022-11 | 09/05/2022 | Possible XSS stored in customer information | CVE-2022-39050 | MEDIUM | |
OTRS Security Advisory 2022-12 | 09/05/2022 | Perl Code execution in Template Toolkit | CVE-2022-39051 | MEDIUM | |
OTRS Security Advisory 2022-13 | 10/17/2022 | DoS attack using email | CVE-2022-39052 | HIGH | |
OTRS Security Advisory 2022-14 | 10/17/2022 | Information exposure of template content due to missing check of permissions | CVE-2022-3501 | LOW | |
OTRS Security Advisory 2022-15 | 12/19/2022 | Improper Input Validation vulnerability in OTRS and ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice | CVE-2022-4427 | MEDIUM | |
OTRS Security Advisory 2023-01 | 03/20/2023 | Possible XSS in Ticket Actions | CVE-2023-1248 | MEDIUM | |
OTRS Security Advisory 2023-02 | 03/20/2023 | Code execution through ACL creation | CVE-2023-1250 | HIGH | |
OTRS Security Advisory 2023-03 | 05/08/2023 | Information disclosure and DoS via websocket push events | CVE-2023-2534 | HIGH | |