
OTRS AG — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting OTRS AG. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OTRS AG develops open-source IT service management software, primarily functioning as a ticketing system for enterprise support and incident tracking. The platform’s extensive feature set and long market presence have resulted in a significant historical vulnerability footprint, with 73 Common Vulnerabilities and Exposures currently recorded. Analysis of these flaws reveals a pattern of critical security weaknesses, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which often stem from insufficient input validation in legacy modules. Additionally, several instances of privilege escalation have been documented, allowing unauthorized users to gain administrative control. While the vendor has implemented regular patching cycles to address these issues, the high volume of past exploits highlights the complexity of securing a mature, feature-rich application. Organizations deploying this solution must prioritize rigorous patch management and strict access controls to mitigate the residual risks associated with its extensive attack surface.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-39051 | Perl code execution in Template Toolkit | OTRS | CWE-913 | 6.8 | Medium | 2022-09-05 |
| CVE-2022-39050 | Possible stored XSS in customer information | OTRS | CWE-79 | 4.6 | Medium | 2022-09-05 |
| CVE-2022-39049 | Possible XSS in Admin Interface | OTRS | CWE-79 | 3.5 | Low | 2022-09-05 |
| CVE-2022-32741 | Information disclosure in Request New Password feature | OTRS | CWE-200 | 5.3 | Medium | 2022-06-13 |
| CVE-2022-32740 | Information disclosure in the External Interface | OTRS | CWE-200 | 3.5 | Low | 2022-06-13 |
| CVE-2022-32739 | OTRS version number is always in the exported ICS files | OTRS | CWE-200 | 3.5 | Low | 2022-06-13 |
| CVE-2022-1004 | Information disclosure in the External Interface | OTRS | CWE-200 | 4.3 | Medium | 2022-03-21 |
| CVE-2022-0475 | Possible XSS attack via translation | OTRS | CWE-79 | 3.5 | Low | 2022-03-21 |
| CVE-2021-36100 | Authenticated remote code execution | OTRS | (none listed) | 6.4 | Medium | 2022-03-21 |
| CVE-2022-0474 | Disclosure of mail addresses | OTRSCustomContactFields | CWE-200 | 2.4 | Low | 2022-02-07 |
| CVE-2022-0473 | Dynamic field error message is vulnerable to XSS | OTRS | CWE-79 | 3.8 | Low | 2022-02-07 |
| CVE-2021-36097 | Agents are able to lock the ticket without the "Owner" permission | OTRS | CWE-266 | 3.5 | Low | 2021-10-18 |
| CVE-2021-36096 | Support Bundle includes S/Mime and PGP secret or PIN | ((OTRS)) Community Edition | CWE-200 | 5.2 | Medium | 2021-09-06 |
| CVE-2021-36095 | User enumeration issue using "lost password" feature | ((OTRS)) Community Edition | CWE-200 | 5.3 | Medium | 2021-09-06 |
| CVE-2021-36094 | XSS attack in appointment edit popup screen | ((OTRS)) Community Edition | CWE-79 | 5.7 | Medium | 2021-09-06 |
| CVE-2021-36093 | DoS attack using PostMaster filters | ((OTRS)) Community Edition | CWE-185 | 5.3 | Medium | 2021-09-06 |
| CVE-2021-36092 | XSS attack using special link in email | ((OTRS)) Community Edition | CWE-79 | 6.5 | Medium | 2021-07-26 |
| CVE-2021-36091 | Unauthorized access to the calendar appointments | ((OTRS)) Community Edition | CWE-200 | 3.5 | Low | 2021-07-26 |
| CVE-2021-21443 | Unauthorized listing of the customer user emails | ((OTRS)) Community Edition | CWE-200 | 3.5 | Low | 2021-07-26 |
| CVE-2021-21442 | XSS vulnerability in Time Accounting | Time Accounting | CWE-79 | 4.5 | Medium | 2021-07-26 |
| CVE-2021-21440 | Support Bundle includes S/Mime and PGP keys | ((OTRS)) Community Edition | CWE-200 | 5.2 | Medium | 2021-07-26 |
| CVE-2021-21441 | XSS in the ticket overview screens | ((OTRS)) Community Edition | CWE-79 | 7.5 | High | 2021-06-16 |
| CVE-2021-21439 | Possible DoS attack using a specially crafted URL in email body | ((OTRS)) Community Edition | CWE-754 | 6.5 | Medium | 2021-06-14 |
| CVE-2021-21438 | FAQ articles are shown to users without permission | FAQ | CWE-264 | 3.5 | Low | 2021-03-22 |
| CVE-2021-21437 | Config Items are shown to users without permission | OTRSCIsInCustomerFrontend | CWE-264 | 3.5 | Low | 2021-03-22 |
| CVE-2021-21436 | Agent is able to link customer's Config Items without permission | OTRSCIsInCustomerFrontend | CWE-264 | 3.5 | Low | 2021-02-08 |
| CVE-2021-21435 | Information exposure in PDF export | OTRS | CWE-200 | 5.7 | Medium | 2021-02-08 |
| CVE-2021-21434 | XSS in Survey Module | Survey | CWE-79 | 3.5 | Low | 2021-02-08 |
| CVE-2020-1779 | Dynamic templates reveal sensitive data when OTRS tags are used | OTRSTicketForms | CWE-200 | 4.3 | Medium | 2021-02-08 |
| CVE-2020-1778 | Bypassing user account validation | OTRS | CWE-287 | 4.1 | Medium | 2020-11-23 |

This page lists every published CVE security advisory associated with OTRS AG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.