pkg:Debian/otrs2
134 CVEs in total: CRITICAL 1, HIGH 25, MEDIUM 58
All known vulnerabilities
- from 0, < 6.0.30-1
- CRITICAL 9.8 | CVE-2022-4427 | Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservic… | from 0
- HIGH 8.8 | CVE-2023-38060 | Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS… | from 0
- HIGH 8.8 | CVE-2021-36100 | Specially crafted string in OTRS system configuration can allow the execution of any system command. | from 0
- from 0, < 2.4.9+dfsg1-3+squeeze4
- from 0, < 3.2.9-1
- from 0, < 6.0.10-1
- from 0, < 5.0.16-1+deb9u6
- from 0, < 3.3.18-1+deb8u5
- from 0, < 3.3.18-1+deb8u4
- from 0, < 6.0.3-1
- from 0, < 3.3.18-1~deb7u3
- HIGH 8.8 | CVE-2017-16921 | In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who… | from 0, < 6.0.2-1
- from 0, < 5.0.24-1
- from 0, < 3.3.18-1+deb8u2
- from 0, < 3.3.18-1~deb7u2
- from 0, < 4.0.7-2
- from 0, < 3.3.18-1+deb8u1
- from 0, < 5.0.23-1
- from 0, < 3.3.9-3+deb8u1
- from 0, < 5.0.20-1
- HIGH 8.1 | CVE-2020-1773 | An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-20… | from 0, < 6.0.27-1
- from 0, < 6.0.32-5
- from 0, < 6.0.32-4
- HIGH 7.5 | CVE-2020-1772 | It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generate… | from 0, < 6.0.27-1
- HIGH 7.5 | CVE-2019-18180 | Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. | from 0, < 6.0.24-1
- HIGH 7.2 | CVE-2018-7567 | In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are ab… | from 0
- from 0, < 6.0.30-1
- from 0
- from 0
- from 0
- MEDIUM 6.5 | CVE-2021-21440 | Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. | from 0, < 6.0.32-6
- MEDIUM 6.5 | CVE-2021-21439 | DoS attack can be performed when an email contains specially designed URL in the body. | from 0, < 6.0.32-5
- from 0, < 3.2.8-1
- from 0, < 3.1.7+dfsg1-8+deb7u2
- from 0, < 3.1.7+dfsg1-8+deb7u1
- from 0, < 3.2.7-1
- MEDIUM 6.5 | CVE-2013-2625 | An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before… | from 0, < 3.1.7+dfsg1-8
- MEDIUM 6.5 | CVE-2019-13458 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x thro… | from 0, < 6.0.20-1
- MEDIUM 6.5 | CVE-2019-12746 | An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. | from 0, < 6.0.20-1
- from 0, < 6.0.18-1
- from 0, < 3.3.18-1+deb8u9
- MEDIUM 6.5 | CVE-2018-20800 | An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. | from 0, < 6.0.14-1
- MEDIUM 6.5 | CVE-2018-19143 | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete… | from 0, < 6.0.13-1
- MEDIUM 6.5 | CVE-2018-16587 | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious… | from 0, < 6.0.11-1
- from 0, < 6.0.2-1
- from 0, < 3.3.18-1+deb8u3
- MEDIUM 6.1 | CVE-2018-17883 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. | from 0, < 6.0.12-1
- MEDIUM 6.1 | CVE-2020-1766 | Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute mali… | from 0, < 6.0.25-1
- from 0, < 6.0.26-1
- from 0, < 3.3.18-1+deb8u14
- from 0, < 6.0.16-2+deb10u1
- from 0, < 3.1.7+dfsg1-8+deb7u6
- from 0, < 5.0.14-1
- MEDIUM 5.4 | CVE-2020-1771 | Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). | from 0, < 6.0.27-1
- MEDIUM 5.4 | CVE-2019-16375 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x thr… | from 0, < 6.0.23-1
- MEDIUM 5.4 | CVE-2019-10067 | An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through… | from 0, < 6.0.18-1
- MEDIUM 5.4 | CVE-2019-10066 | An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointment… | from 0, < 6.0.18-1
- from 0, < 3.3.18-1+deb8u8
- from 0, < 6.0.16-1
- from 0, < 6.0.25-1
- from 0, < 3.3.18-1+deb8u13
- MEDIUM 5.3 | CVE-2019-12497 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edi… | from 0, < 6.0.19-1
- MEDIUM 4.9 | CVE-2020-1774 | When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. | from 0, < 6.0.28-1
- MEDIUM 4.8 | CVE-2019-9751 | An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. | from 0, < 6.0.17-1
- MEDIUM 4.8 | CVE-2018-19142 | Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | from 0, < 6.0.13-1
- from 0, < 3.3.18-1+deb8u7
- from 0, < 6.0.1-1
- from 0, < 6.0.8-1
- from 0, < 3.3.18-1+deb8u11
- MEDIUM 4.3 | CVE-2021-36091 | Agents are able to list appointments in the calendars without required permissions. | from 0, < 6.0.32-6
- MEDIUM 4.3 | CVE-2021-21443 | Agents are able to list customer user emails without required permissions in the bulk action screen. | from 0, < 6.0.32-6
- MEDIUM 4.3 | CVE-2020-1776 | When an agent user is renamed or set to invalid the session belonging to the user is kept active. | from 0, < 6.0.29-1
- from 0, < 3.3.18-1+deb8u15
- from 0, < 6.0.27-1
- MEDIUM 4.3 | CVE-2020-1769 | In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as securit… | from 0, < 6.0.27-1
- from 0, < 6.0.25-1
- from 0, < 6.0.24-1
- from 0, < 3.3.18-1+deb8u12
- from 0, < 6.0.19-1
- from 0, < 3.3.18-1+deb8u10
- from 0, < 6.0.11-1
- from 0, < 3.3.18-1+deb8u6
- from 0, < 6.0.7-1
- from 0, < 3.3.9-3
- from 0, < 3.1.7+dfsg1-8+deb7u5
- — | CVE-2014-2554 | OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME… | from 0, < 3.3.6-1
- — | CVE-2014-2553 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.… | from 0, < 3.3.6-1
- from 0, < 3.3.18-1~deb7u1
- from 0, < 3.3.5-1
- — | CVE-2014-1694 | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketP… | from 0, < 3.3.4-1
- from 0, < 2.4.9+dfsg1-3+squeeze5
- from 0, < 3.3.4-1
- — | CVE-2012-4751 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x… | from 0, < 3.1.7+dfsg1-6
- — | CVE-2012-4600 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x… | from 0, < 3.1.7+dfsg1-5
- from 0, < 2.4.9+dfsg1-3+squeeze3
- from 0, < 3.1.7+dfsg1-4
- — | CVE-2011-2746 | Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and… | from 0, < 2.4.7-1
- from 0, < 2.4.9+dfsg1-3+squeeze1
- from 0, < 2.4.10+dfsg1-1
- — | CVE-2011-1433 | The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials i… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2010-4768 | Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to byp… | from 0, < 2.4.5-1
- — | CVE-2010-4767 | Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters as… | from 0, < 2.4.5-1
- — | CVE-2010-4766 | The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail me… | from 0, < 2.4.7+dfsg1-1
- — | CVE-2010-4765 | Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated… | from 0, < 2.4.8+dfsg1-1
- — | CVE-2010-4764 | Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages t… | from 0, < 2.4.10+dfsg1-1
- — | CVE-2010-4763 | The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options af… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2010-4762 | Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows r… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2010-4761 | The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visi… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2010-4760 | Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notif… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2010-4759 | Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, whic… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2010-4758 | installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the p… | from 0, < 3.0.8+dfsg1-1
- — | CVE-2009-5057 | The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for Ope… | from 0, < 2.4.5-1
- — | CVE-2009-5056 | Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows r… | from 0, < 2.4.5-1
- — | CVE-2009-5055 | Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which… | from 0, < 2.4.5-1
- — | CVE-2008-7283 | Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intende… | from 0, < 2.2.6-1
- — | CVE-2008-7282 | Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSe… | from 0, < 2.2.6-1
- — | CVE-2008-7281 | Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, whic… | from 0, < 2.2.7-1
- — | CVE-2008-7280 | Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail message… | from 0, < 2.2.7-1
- — | CVE-2008-7279 | The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended acce… | from 0, < 2.3.2-1
- — | CVE-2008-7278 | The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFIL… | from 0, < 2.3.2-1
- — | CVE-2008-7277 | Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during autho… | from 0, < 2.3.2-1
- — | CVE-2008-7276 | Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which… | from 0, < 2.3.2-1
- — | CVE-2008-7275 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbi… | from 0, < 2.3.3-1
- — | CVE-2011-0456 | webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified v… | from 0, < 2.4.5-1
- — | CVE-2010-4071 | Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers t… | from 0, < 2.4.9+dfsg1-1
- — | CVE-2010-3476 | Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressio… | from 0, < 2.4.8+dfsg1-1
- — | CVE-2010-2080 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow re… | from 0, < 2.4.8+dfsg1-1
- from 0, < 2.2.7-2lenny3
- from 0, < 2.4.7-1
- — | CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests… | from 0, < 2.3.4-6
- — | CVE-2008-1515 | The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests… | from 0, < 2.2.5-2
- from 0, < 2.1.1-1
- from 0, < 2.0.4p01-17