CVE-2021-21437— Config Items are shown to users without permission

CVSS 3.5 · Low EPSS 0.11% · P29 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-21437

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Config Items are shown to users without permission

Source: NVD (National Vulnerability Database)

Vulnerability Description

Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

权限、特权和访问控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

OTRS AG OTRSCIsInCustomerFrontend 权限许可和访问控制问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OTRS AG OTRSCIsInCustomerFrontend是美国OTRS公司的一个管理系统。提供了现代，灵活的票证和流程管理服务。 OTRSCIsInCustomerFrontend 存在安全漏洞，该漏洞源于在没有权限的情况下查看链接的配置项，这些配置项在通用目录中定义。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
OTRS AG	OTRSCIsInCustomerFrontend	7.0.x ~ 7.0.15	-
OTRS AG	ITSMConfigurationManagement	7.0.x ~ 7.0.24	-

II. Public POCs for CVE-2021-21437

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-21437

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: OTRSCIsInCustomerFrontend

CVE-2021-21436
Agent is able to link customer's Config Items without permis

Same vendor: OTRS AG

Same weakness: CWE-264

V. Comments for CVE-2021-21437

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-21437— Config Items are shown to users without permission

I. Basic Information for CVE-2021-21437

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-21437

III. Intelligence Information for CVE-2021-21437

IV. Related Vulnerabilities

V. Comments for CVE-2021-21437

Leave a comment