
cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*

part: a version: * update: *

Vendor: Otrs (265741d9-907d-5d62-a717-73ae1ea6326f)
Product: Otrs (a4c8163c-3d72-56f2-bdc3-a93fd57d712f)
Edition: *
Language: *
Software edition: -
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2023-38060 vulnerable 2026-06-03 14:52:30.262296 Host header injection by attachments in web service
MEDIUM (6.3)
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Published: 2023-07-24T08:28:13.816Z
Updated: 2025-02-13T17:01:45.040Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38056 vulnerable 2026-06-03 14:52:30.257544 Code execution via System Configuration
HIGH (7.2)
Improper Neutralization of commands allowed to be executed via OTRS System Configuration, e.g. SchedulerCronTaskModule using UnitTests modules, allows any authenticated attacker with admin privileges local execution of code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Published: 2023-07-24T08:27:13.127Z
Updated: 2024-10-23T17:49:19.541Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-36096 vulnerable 2026-06-03 14:44:57.155466 Support Bundle includes S/Mime and PGP secret or PIN
MEDIUM (5.2)
Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
Published: 2021-09-06T14:50:11.706Z
Updated: 2024-09-16T18:34:20.846Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-36095 vulnerable 2026-06-03 14:44:57.155065 User enumeration issue using "lost password" feature
MEDIUM (5.3)
A malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Published: 2021-09-06T13:15:27.220Z
Updated: 2024-09-16T17:58:45.926Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-36094 vulnerable 2026-06-03 14:44:57.154663 XSS attack in appointment edit popup screen
MEDIUM (5.7)
It's possible to craft a request for the appointment edit screen, which could lead to an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Published: 2021-09-06T13:15:25.712Z
Updated: 2024-09-16T19:09:09.574Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-36093 vulnerable 2026-06-03 14:44:57.154150 DoS attack using PostMaster filters
MEDIUM (5.3)
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
Published: 2021-09-06T13:15:24.049Z
Updated: 2024-09-16T20:36:38.524Z
Imported from gcve-enriched-dumps CVE data
