OTRS AG — Vulnerabilities & Security Advisories (73)

Browse all 73 CVE security advisories affecting OTRS AG. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OTRS AG develops open-source IT service management software, primarily functioning as a ticketing system for enterprise support and incident tracking. The platform’s extensive feature set and long market presence have resulted in a significant historical vulnerability footprint, with 73 Common Vulnerabilities and Exposures currently recorded. Analysis of these flaws reveals a pattern of critical security weaknesses, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which often stem from insufficient input validation in legacy modules. Additionally, several instances of privilege escalation have been documented, allowing unauthorized users to gain administrative control. While the vendor has implemented regular patching cycles to address these issues, the high volume of past exploits highlights the complexity of securing a mature, feature-rich application. Organizations deploying this solution must prioritize rigorous patch management and strict access controls to mitigate the residual risks associated with its extensive attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2020-1777 | Agent names disclosed in chat feature — OTRS | CWE-200 | 4.3 | Medium | 2020-10-15 |
| CVE-2020-1776 | Invalidating or changing user does not invalidate session — ((OTRS)) Community Edition | CWE-613 | 3.5 | Low | 2020-07-20 |
| CVE-2020-1775 | Information disclosure in external interface — OTRS | CWE-200 | 3.5 | Low | 2020-06-08 |
| CVE-2020-1774 | Information disclosure — ((OTRS)) Community Edition | CWE-201 | 4.5 | Medium | 2020-04-28 |
| CVE-2020-1773 | Session / Password / Password token leak — ((OTRS)) Community Edition | CWE-331 | 7.3 | High | 2020-03-27 |
| CVE-2020-1772 | Information Disclosure — ((OTRS)) Community Edition | CWE-155 | 6.5 | Medium | 2020-03-27 |
| CVE-2020-1771 | Possible XSS in Customer user address book — ((OTRS)) Community Edition | CWE-79 | 4.6 | Medium | 2020-03-27 |
| CVE-2020-1770 | Information disclosure in support bundle files — ((OTRS)) Community Edition | CWE-201 | 2.4 | Low | 2020-03-27 |
| CVE-2020-1769 | Autocomplete in the form login screens — ((OTRS)) Community Edition | CWE-16 | 3.5 | Low | 2020-03-27 |
| CVE-2020-1768 | External Interface does not invalidate session — OTRS | CWE-613 | 5.4 | Medium | 2020-02-07 |
| CVE-2020-1767 | Possible to send drafted messages as wrong agent — ((OTRS)) Community Edition | | 3.5 | Low | 2020-01-10 |
| CVE-2020-1766 | Improper handling of uploaded inline images — ((OTRS)) Community Edition | CWE-79 | 2.0 | Low | 2020-01-10 |
| CVE-2020-1765 | Spoofing of From field in several screens — ((OTRS)) Community Edition | CWE-472 | 3.5 | Low | 2020-01-10 |

This page lists every published CVE security advisory associated with OTRS AG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.