Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:otrs:otrs:3.3.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-36100 |
Specially crafted string in OTRS system configuration can allow the execution of any system command. Published: March 21, 2022; 6:15:07 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2020-1778 |
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions. Published: November 23, 2020; 11:15:13 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-16854 |
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. Published: December 08, 2017; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-16664 |
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. Published: November 21, 2017; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-15864 |
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. Published: November 16, 2017; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 4.0 MEDIUM |
CVE-2017-14635 |
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. Published: September 21, 2017; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-9324 |
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. Published: June 12, 2017; 2:29:00 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-9139 |
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. Published: February 16, 2017; 9:59:13 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-2554 |
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Published: April 23, 2014; 11:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-2553 |
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. Published: April 02, 2014; 12:05:57 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2011-2385 |
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors. Published: July 19, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |