Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-29
Updated
2024-02-02
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.
This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-07-24
Updated
2023-08-31
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-
This issue affects OTRS: from 8.0.X through 8.0.37.
Max CVSS
8.1
EPSS Score
0.09%
Published
2023-11-27
Updated
2023-12-01
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the
SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate
satisfies all necessary security requirements.
This could allow an
attacker to use an invalid certificate to claim to be a trusted host,
use expired certificates, or conduct other attacks that could be
detected if the certificate is properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-10-16
Updated
2023-10-20
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via
ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation
and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.
Max CVSS
8.1
EPSS Score
0.05%
Published
2023-05-08
Updated
2023-05-16
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
Max CVSS
8.8
EPSS Score
0.20%
Published
2022-09-05
Updated
2022-10-01
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice
This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Max CVSS
9.8
EPSS Score
0.13%
Published
2022-12-19
Updated
2023-08-31
Specially crafted string in OTRS system configuration can allow the execution of any system command.
Max CVSS
9.0
EPSS Score
0.12%
Published
2022-03-21
Updated
2023-08-31
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.
Max CVSS
8.1
EPSS Score
0.13%
Published
2020-03-27
Updated
2023-08-31
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.
Max CVSS
9.0
EPSS Score
0.42%
Published
2018-03-04
Updated
2024-04-11
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
Max CVSS
8.8
EPSS Score
0.87%
Published
2017-12-20
Updated
2019-10-03
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
Max CVSS
9.0
EPSS Score
2.34%
Published
2017-12-08
Updated
2021-04-22
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
Max CVSS
8.8
EPSS Score
0.25%
Published
2017-11-21
Updated
2019-05-08
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
Max CVSS
8.8
EPSS Score
0.13%
Published
2017-11-16
Updated
2019-10-03
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
Max CVSS
8.8
EPSS Score
0.15%
Published
2017-09-21
Updated
2019-10-03
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
Max CVSS
8.8
EPSS Score
0.15%
Published
2017-06-12
Updated
2019-10-03
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
Max CVSS
8.8
EPSS Score
0.11%
Published
2021-08-09
Updated
2021-08-17
17 vulnerabilities found