Otrs

138 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.4%
  • Published 13.03.2019 22:29:00
  • Last modified 21.11.2024 04:52:14

An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related ...

  • EPSS 0.62%
  • Published 13.03.2019 22:29:00
  • Last modified 21.11.2024 04:52:14

An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause exec...

  • EPSS 0.23%
  • Published 06.06.2018 20:29:00
  • Last modified 21.11.2024 03:41:00

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.

Exploit
  • EPSS 2.24%
  • Published 04.03.2018 20:29:00
  • Last modified 21.11.2024 04:12:23

In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeIn...

  • EPSS 0.91%
  • Published 20.12.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

  • EPSS 0.36%
  • Published 08.12.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets...

Exploit
  • EPSS 33.87%
  • Published 08.12.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell com...

  • EPSS 1.22%
  • Published 21.11.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user...

  • EPSS 0.5%
  • Published 16.11.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.

  • EPSS 0.73%
  • Published 21.09.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.