Product
otrs
147 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-24387
>= 7.0.0 and <= 2025.1.2
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HT
4.8
MEDIUM
CVE-2024-6540
>= 8.0.0 and < 2024.5.2
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow a
5.7
MEDIUM
CVE-2024-23794
>= 8.0.0 and < 2024.5.2
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This
5.2
MEDIUM
CVE-2024-23792
>= 7.0.0 and < 7.0.49
When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack r
5.3
MEDIUM
CVE-2024-23791
>= 7.0.0 and < 7.0.49
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from
4.9
MEDIUM
CVE-2024-23790
>= 7.0.0 and < 7.0.49
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing ch
3.5
LOW
CVE-2023-6254
>= 8.0.1 and <= 8.0.37
A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the
8.1
HIGH
CVE-2023-5422
>= 7.0.0 and < 7.0.47
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communic
8.7
HIGH
CVE-2023-5421
>= 7.0.0 and < 7.0.47
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the Customer
3.5
LOW
CVE-2023-38059
>= 7.0.0 and < 7.0.47
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This
5.3
MEDIUM
CVE-2023-38060
>= 7.0.0 and < 7.0.45
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of
6.3
MEDIUM
CVE-2023-38058
>= 8.0.0 and < 8.0.35
An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to
4.1
MEDIUM
CVE-2023-38057
>= 7.0.0 and < 7.0.32
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey
4.1
MEDIUM
CVE-2023-38056
>= 7.0.0 and < 7.0.45
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTe
7.2
HIGH
CVE-2023-2534
>= 8.0.0 and < 8.0.32
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track
7.6
HIGH
CVE-2018-17883
>= 6.0.0 and < 6.0.12
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a
6.1
MEDIUM
CVE-2023-1250
>= 7.0.0 and < 7.0.42
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Loc
7.4
HIGH
CVE-2023-1248
>= 7.0.0 and < 7.0.42
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actio
6.1
MEDIUM
CVE-2022-4427
>= 7.0.1 and < 7.0.40
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch
6.5
MEDIUM
CVE-2022-3501
>= 8.0.0 and < 8.0.26
Article template contents with sensitive data could be accessed from agents without permissions.
3.5
LOW
CVE-2022-39052
>= 7.0.0 and < 7.0.39
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system
7.5
HIGH
CVE-2022-39051
>= 7.0.0 and < 7.0.37
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3rd pa
6.8
MEDIUM
CVE-2022-39050
>= 7.0.0 and < 7.0.37
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by
4.6
MEDIUM
CVE-2022-39049
>= 7.0.0 and < 7.0.37
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTR
3.5
LOW
CVE-2022-32741
>= 7.0.0 and < 7.0.35
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the re
5.3
MEDIUM
CVE-2022-32740
>= 7.0.0 and < 7.0.35
A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under ce
3.5
LOW
CVE-2022-32739
>= 7.0.0 and < 7.0.35
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file
3.5
LOW
CVE-2022-1004
>= 7.0.0 and < 7.0.33
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTime
4.3
MEDIUM
CVE-2022-0475
>= 7.0.0 and <= 7.0.32
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be exec
3.5
LOW
CVE-2021-36100
< 7.0.28
Specially crafted string in OTRS system configuration can allow the execution of any system command.
6.4
MEDIUM
CVE-2022-0473
>= 7.0.0 and < 7.0.32
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expressio
3.8
LOW
CVE-2021-36097
>= 8.0.0 and <= 8.0.16
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where
3.5
LOW
CVE-2021-36096
>= 7.0.0 and < 7.0.29
Generated Support Bundles contain private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((O
5.2
MEDIUM
CVE-2021-36095
>= 7.0.0 and < 7.0.29
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)
5.3
MEDIUM
CVE-2021-36094
>= 7.0.0 and < 7.0.29
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OT
5.7
MEDIUM
CVE-2021-36093
>= 7.0.0 and < 7.0.29
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects:
5.3
MEDIUM
CVE-2013-4718
>= 3.0.0 and <= 3.0.21
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.
5.4
MEDIUM
CVE-2013-4717
>= 3.0.0 and <= 3.0.21
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, an
8.8
HIGH
CVE-2021-36092
>= 7.0.0 and < 7.0.28
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affect
6.5
MEDIUM
CVE-2021-36091
>= 7.0.0 and < 7.0.28
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community
3.5
LOW
CVE-2021-21443
>= 7.0.0 and <= 7.0.27
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG (
3.5
LOW
CVE-2021-21440
>= 7.0.0 and <= 7.0.27
Generated Support Bundles contain private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((O
5.2
MEDIUM
CVE-2021-21441
>= 7.0.0 and <= 7.0.26
There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail show
7.5
HIGH
CVE-2021-21439
>= 7.0.0 and < 7.0.27
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause
6.5
MEDIUM
CVE-2021-21438
>= 7.0.0 and < 7.0.24
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 a
3.5
LOW
CVE-2021-21436
>= 7.0.0 and <= 7.0.14
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS A
3.5
LOW
CVE-2021-21435
>= 7.0.0 and <= 7.0.23
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This iss
5.7
MEDIUM
CVE-2021-21434
>= 6.0.0 and <= 6.0.20
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent
3.5
LOW
CVE-2020-1778
<= 8.0.9
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to inval
4.1
MEDIUM
CVE-2020-1777
>= 7.0.0 and <= 7.0.21
Agent names that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat tr
4.3
MEDIUM
CVE-2020-1776
>= 7.0.0 and < 7.0.19
When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session cannot be used to
3.5
LOW
CVE-2020-1775
>= 7.0.0 and < 7.0.18
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and pri
3.5
LOW
CVE-2020-1774
>= 7.0.0 and <= 7.0.16
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possi
4.5
MEDIUM
CVE-2020-1773
>= 7.0.0 and <= 7.0.15
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiti
7.3
HIGH
CVE-2020-1772
>= 7.0.0 and <= 7.0.15
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s),
6.5
MEDIUM
CVE-2020-1771
>= 7.0.0 and <= 7.0.15
Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens t
4.6
MEDIUM
CVE-2020-1770
>= 7.0.0 and <= 7.0.15
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((O
2.4
LOW
CVE-2020-1769
>= 7.0.0 and <= 7.0.15
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered a
3.5
LOW
CVE-2019-16375
>= 7.0.0 and <= 7.0.11
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and
5.4
MEDIUM
CVE-2019-13457
>= 7.0.0 and <= 7.0.8
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to di
4.3
MEDIUM
CVE-2019-10065
>= 7.0.0 and <= 7.0.6
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer
4.3
MEDIUM
CVE-2013-4088
>= 3.0.0 and < 3.0.21
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x befo
6.5
MEDIUM
CVE-2013-3551
>= 3.0.0 and < 3.0.20
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before
6.5
MEDIUM
CVE-2013-2637
< 3.0.7
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 v
6.1
MEDIUM
CVE-2020-1768
>= 7.0.0 and <= 7.0.14
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so
5.4
MEDIUM
CVE-2020-1767
>= 7.0.0 and <= 7.0.13
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it
3.5
LOW
CVE-2020-1766
>= 7.0.0 and <= 7.0.13
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to exe
2.0
LOW
CVE-2020-1765
>= 7.0.0 and <= 7.0.13
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicket
3.5
LOW
CVE-2019-18179
>= 7.0.0 and <= 7.0.12
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and
4.3
MEDIUM
CVE-2019-18180
>= 7.0.0 and < 7.0.13
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files
5.3
MEDIUM
CVE-2013-2625
>= 3.0.0 and < 3.0.7
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FA
6.5
MEDIUM
CVE-2019-13458
>= 7.0.0 and <= 7.0.8
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6
6.5
MEDIUM
CVE-2019-12746
>= 5.0.0 and <= 5.0.36
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A us
6.5
MEDIUM
CVE-2018-11563
>= 6.0.0 and <= 6.0.7
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to i
4.6
MEDIUM
CVE-2019-12248
>= 5.0.0 and <= 5.0.36
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Comm
4.3
MEDIUM
CVE-2019-12497
>= 5.0.0 and <= 5.0.36
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Comm
5.3
MEDIUM
CVE-2019-9753
>= 7.0.0 and < 7.0.5
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or
3.5
LOW
CVE-2019-9892
>= 5.0.0 and <= 5.0.34
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An att
6.5
MEDIUM
CVE-2019-10067
>= 5.0.0 and <= 5.0.35
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.
5.4
MEDIUM
CVE-2019-10066
>= 5.0.0 and <= 5.0.12
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAp
5.4
MEDIUM
CVE-2019-9752
>= 5.0.0 and < 5.0.34
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attack
5.4
MEDIUM
CVE-2019-9751
>= 6.0.0 and < 6.0.17
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged int
4.8
MEDIUM
CVE-2018-20800
all versions
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates)
6.5
MEDIUM
CVE-2018-19143
>= 4.0.0 and < 4.0.33
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user t
6.5
MEDIUM
CVE-2018-19142
>= 6.0.0 and < 6.0.13
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
4.8
MEDIUM
CVE-2018-19141
>= 4.0.0 and < 4.0.33
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modif
4.8
MEDIUM
CVE-2018-16587
>= 4.0.0 and < 4.0.32
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a m
6.5
MEDIUM
CVE-2018-16586
>= 4.0.0 and < 4.0.32
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a m
4.3
MEDIUM
CVE-2018-14593
>= 4.0.0 and <= 4.0.30
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30.
8.8
HIGH
CVE-2018-10198
>= 6.0.0 and < 6.0.7
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview
4.3
MEDIUM
CVE-2018-7567
>= 5.0.0 and <= 5.0.23
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admi
7.2
HIGH
CVE-2017-17476
>= 4.0.0 and < 4.0.28
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disable
8.8
HIGH
CVE-2017-16854
>= 3.3.0 and <= 3.3.20
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is l
6.5
MEDIUM
CVE-2017-16921
all versions
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an atta
8.8
HIGH
CVE-2017-16664
>= 3.3.0 and < 3.3.20
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3
8.8
HIGH
CVE-2017-15864
>= 3.3.0 and <= 3.3.18
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain informa
8.8
HIGH
CVE-2017-14635
all versions
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can
8.8
HIGH
CVE-2017-9324
>= 3.3.0 and <= 3.3.16
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent perm
8.8
HIGH
CVE-2017-9299
all versions
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direc
6.1
MEDIUM
CVE-2016-9139
all versions
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x
6.1
MEDIUM
CVE-2016-5843
all versions
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket
9.4
CRITICAL
CVE-2014-9324
all versions
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticate
CVE-2014-2554
all versions
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via
CVE-2014-2553
all versions
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x
CVE-2014-1695
all versions
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x
CVE-2014-1694
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) Custom
CVE-2014-1471
all versions
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.
CVE-2012-4751
all versions
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17,
CVE-2012-4600
all versions
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16,
CVE-2012-2582
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x befo
CVE-2011-2746
all versions
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.
CVE-2011-2385
all versions
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict
CVE-2011-1518
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7
CVE-2011-1433
<= 3.0.5
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext cred
CVE-2010-4768
<= 2.3.4
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated use
CVE-2010-4767
<= 2.3.5
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 char
CVE-2010-4766
<= 2.4.6
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML
CVE-2010-4765
<= 2.4.7
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authe
CVE-2010-4764
<= 2.4.9
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail m
CVE-2010-4763
<= 2.4.10
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket o
CVE-2010-4762
<= 3.0.0
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2
CVE-2010-4761
<= 3.0.0
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict cust
CVE-2010-4760
<= 3.0.0
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-ba
CVE-2010-4759
<= 3.0.0
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a sea
CVE-2010-4758
<= 3.0.2
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead
CVE-2009-5057
<= 2.3.3
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variable
CVE-2009-5056
<= 2.4.0
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which
CVE-2009-5055
<= 2.4.3
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID valu
CVE-2008-7283
<= 2.2.5
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypas
CVE-2008-7282
<= 2.2.5
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerP
CVE-2008-7281
<= 2.2.6
Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipie
CVE-2008-7280
<= 2.2.6
Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mai
CVE-2008-7279
<= 2.2.7
The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass inte
CVE-2008-7278
<= 2.2.4
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure th
CVE-2008-7277
<= 2.3.0
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, dur
CVE-2008-7276
<= 2.3.1
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissio
CVE-2008-7275
<= 2.3.2
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to in
CVE-2011-0456
<= 2.3.4
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unsp
CVE-2010-4071
all versions
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote at
CVE-2010-3476
all versions
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular
CVE-2010-2080
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8
CVE-2010-0438
all versions
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2
CVE-2008-1515
>= 2.1.0 and < 2.1.8
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP
CVE-2007-2524
all versions
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject
CVE-2005-3895
all versions
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, rende
CVE-2005-3894
all versions
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0
CVE-2005-3893
all versions
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin