
OTRS AG — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting OTRS AG. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OTRS AG develops open-source IT service management software, primarily functioning as a ticketing system for enterprise support and incident tracking. The platform’s extensive feature set and long market presence have resulted in a significant historical vulnerability footprint, with 73 Common Vulnerabilities and Exposures currently recorded. Analysis of these flaws reveals a pattern of critical security weaknesses, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which often stem from insufficient input validation in legacy modules. Additionally, several instances of privilege escalation have been documented, allowing unauthorized users to gain administrative control. While the vendor has implemented regular patching cycles to address these issues, the high volume of past exploits highlights the complexity of securing a mature, feature-rich application. Organizations deploying this solution must prioritize rigorous patch management and strict access controls to mitigate the residual risks associated with its extensive attack surface.

Found 20 results / 73

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-36096 | Support Bundle includes S/MIME and PGP secret or PIN | ((OTRS)) Community Edition | CWE-200 | 5.2 | Medium | 2021-09-06 |
| CVE-2021-36095 | User enumeration issue using "lost password" feature | ((OTRS)) Community Edition | CWE-200 | 5.3 | Medium | 2021-09-06 |
| CVE-2021-36094 | XSS attack in appointment edit popup screen | ((OTRS)) Community Edition | CWE-79 | 5.7 | Medium | 2021-09-06 |
| CVE-2021-36093 | DoS attack using PostMaster filters | ((OTRS)) Community Edition | CWE-185 | 5.3 | Medium | 2021-09-06 |
| CVE-2021-36092 | XSS attack using special link in email | ((OTRS)) Community Edition | CWE-79 | 6.5 | Medium | 2021-07-26 |
| CVE-2021-36091 | Unauthorized access to the calendar appointments | ((OTRS)) Community Edition | CWE-200 | 3.5 | Low | 2021-07-26 |
| CVE-2021-21443 | Unauthorized listing of the customer user emails | ((OTRS)) Community Edition | CWE-200 | 3.5 | Low | 2021-07-26 |
| CVE-2021-21440 | Support Bundle includes S/MIME and PGP keys | ((OTRS)) Community Edition | CWE-200 | 5.2 | Medium | 2021-07-26 |
| CVE-2021-21441 | XSS in the ticket overview screens | ((OTRS)) Community Edition | CWE-79 | 7.5 | High | 2021-06-16 |
| CVE-2021-21439 | Possible DoS attack using a specially crafted URL in email body | ((OTRS)) Community Edition | CWE-754 | 6.5 | Medium | 2021-06-14 |
| CVE-2020-1776 | Invalidating or changing user does not invalidate session | ((OTRS)) Community Edition | CWE-613 | 3.5 | Low | 2020-07-20 |
| CVE-2020-1774 | Information disclosure | ((OTRS)) Community Edition | CWE-201 | 4.5 | Medium | 2020-04-28 |
| CVE-2020-1773 | Session / Password / Password token leak | ((OTRS)) Community Edition | CWE-331 | 7.3 | High | 2020-03-27 |
| CVE-2020-1772 | Information Disclosure | ((OTRS)) Community Edition | CWE-155 | 6.5 | Medium | 2020-03-27 |
| CVE-2020-1771 | Possible XSS in Customer user address book | ((OTRS)) Community Edition | CWE-79 | 4.6 | Medium | 2020-03-27 |
| CVE-2020-1770 | Information disclosure in support bundle files | ((OTRS)) Community Edition | CWE-201 | 2.4 | Low | 2020-03-27 |
| CVE-2020-1769 | Autocomplete in the form login screens | ((OTRS)) Community Edition | CWE-16 | 3.5 | Low | 2020-03-27 |
| CVE-2020-1767 | Possible to send drafted messages as wrong agent | ((OTRS)) Community Edition | | 3.5 | Low | 2020-01-10 |
| CVE-2020-1766 | Improper handling of uploaded inline images | ((OTRS)) Community Edition | CWE-79 | 2.0 | Low | 2020-01-10 |
| CVE-2020-1765 | Spoofing of From field in several screens | ((OTRS)) Community Edition | CWE-472 | 3.5 | Low | 2020-01-10 |

This page lists every published CVE security advisory associated with OTRS AG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.