目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

OTRS AG 厂商漏洞列表 / CVE 中文分析 81

OTRS AG 厂商相关 81 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

OTRS AG 主要开发开源工单系统 OTRS,用于企业级客户服务与 IT 运维管理。其历史漏洞多涉及跨站脚本(XSS)、越权访问及远程代码执行,常因输入验证不足或权限逻辑缺陷引发。尽管系统提供基础安全配置选项,但过往多次因组件更新滞后导致高危 CVE 累积。建议用户及时修补已知缺陷,强化访问控制策略以应对潜在攻击风险。

CVE IDタイトルCVSS深刻度公開日
CVE-2026-48187 Email with special content can lead to DoS — OTRSCWE-400 5.7 Medium2026-06-01
CVE-2026-48188 SQL Injection via MySQL Quote Method — OTRSCWE-20 9.1 Critical2026-06-01
CVE-2026-48189 Bypass DedicatedAgentToCustomerGroups Setting — OTRSCWE-200 5.7 Medium2026-06-01
CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module — OTRSCWE-276 3.5 Low2026-06-01
CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters — OTRSCWE-276 3.5 Low2026-06-01
CVE-2026-48208 Denial-of-Service via SVG Rendering in Ticket — OTRSCWE-400 6.5 Medium2026-06-01
CVE-2026-48209 Reflected XSS in authenticated agent context — OTRSCWE-79 7.1 High2026-06-01
CVE-2026-48210 Possible information disclosure via External Interface — OTRSCWE-200 5.7 Medium2026-05-31
CVE-2026-6060 Possible DoS via SQL Box — OTRSCWE-400 4.5 Medium2026-04-20
CVE-2025-24391 Possible user enumeration — OTRSCWE-203 5.3 Medium2025-07-14
CVE-2025-24388 Unsafe handling of AJAX calls — OTRSCWE-184 3.8 Low2025-06-16
CVE-2025-24387 Missing CSRF protection — OTRSCWE-1275 4.8 Medium2025-03-10
CVE-2025-24390 Missing Cookie Flags — OTRSCWE-614 6.8 Medium2025-01-27
CVE-2025-24389 SMTP Password will be shown in cleartext on some SMTP errors — OTRSCWE-532 6.3 Medium2025-01-27
CVE-2024-43446 Improper check of permissions in Generic Interface — OTRSCWE-269 3.5 Low2025-01-27
CVE-2024-43445 Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing — OTRSCWE-20 5.4 Medium2025-01-27
CVE-2024-43444 Passwords are written to Admin Log Module — OTRSCWE-532 8.2 High2024-08-26
CVE-2024-43443 Stored XSS in process management — OTRSCWE-790 4.9 Medium2024-08-26
CVE-2024-43442 Stored XSS in System Configuration — OTRSCWE-790 4.9 Medium2024-08-26
CVE-2024-23794 Agents are able to lock the ticket without the "Owner" permission — OTRSCWE-266 5.2 Medium2024-07-15
CVE-2024-6540 Information exlosure in external interface — OTRSCWE-790 5.7 Medium2024-07-15
CVE-2024-23793 Upload of files outside application directory — OTRSCWE-22 6.3 Medium2024-06-06
CVE-2024-23790 Missing file type check in avatar picture upload — OTRSCWE-20 3.5 Low2024-01-29
CVE-2024-23791 Unnecessary data is written to log if issues during indexing occurs — OTRSCWE-532 4.9 Medium2024-01-29
CVE-2024-23792 Insufficient access control — OTRSCWE-287 5.3 Medium2024-01-29
CVE-2023-6254 Password is send back to client — OTRSCWE-522 8.1 High2023-11-27
CVE-2023-5421 Possible XSS execution in customer information — OTRSCWE-20 3.5 Low2023-10-16
CVE-2023-38059 External pictures can be loaded even if not allowed by configuration — OTRSCWE-200 5.3 Medium2023-10-16
CVE-2023-5422 SSL Certificates are not checked for E-Mail Handling — OTRSCWE-295 8.7 High2023-10-16
CVE-2023-38060 Host header injection by attachments in web service — OTRSCWE-20 6.3 Medium2023-07-24

本页汇总了 OTRS AG 厂商截至目前公开的全部 81 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。