Otrs

Otrs

147 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.2%
  • Veröffentlicht 01.06.2026 03:33:23
  • Zuletzt bearbeitet 15.06.2026 12:46:17

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: * 8.0.X * 2023.X * 2024.X * 2025.X ...

  • EPSS 0.36%
  • Veröffentlicht 01.06.2026 03:33:15
  • Zuletzt bearbeitet 15.06.2026 12:45:08

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server ...

  • EPSS 0.2%
  • Veröffentlicht 01.06.2026 03:33:03
  • Zuletzt bearbeitet 15.06.2026 12:45:43

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affect...

  • EPSS 0.14%
  • Veröffentlicht 01.06.2026 03:32:53
  • Zuletzt bearbeitet 15.06.2026 12:43:58

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to...

  • EPSS 0.14%
  • Veröffentlicht 01.06.2026 03:32:47
  • Zuletzt bearbeitet 15.06.2026 12:42:03

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This is...

  • EPSS 0.33%
  • Veröffentlicht 01.06.2026 03:32:38
  • Zuletzt bearbeitet 15.06.2026 12:39:37

An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of ser...

  • EPSS 0.22%
  • Veröffentlicht 01.06.2026 03:32:28
  • Zuletzt bearbeitet 15.06.2026 12:43:04

An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via crafted request parameters associated with ticket a...

  • EPSS 0.25%
  • Veröffentlicht 31.05.2026 21:11:25
  • Zuletzt bearbeitet 15.06.2026 12:47:16

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket ...

  • EPSS 0.19%
  • Veröffentlicht 20.04.2026 18:20:01
  • Zuletzt bearbeitet 21.04.2026 16:20:24

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:  * 7.0.X * 8.0.X * 2023.X * 2024.X ...

  • EPSS 0.24%
  • Veröffentlicht 14.07.2025 08:15:58
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This...