Browse all 73 CVE security advisories affecting OTRS AG. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OTRS AG develops open-source IT service management software, primarily functioning as a ticketing system for enterprise support and incident tracking. The platform’s extensive feature set and long market presence have resulted in a significant historical vulnerability footprint, with 73 Common Vulnerabilities and Exposures currently recorded. Analysis of these flaws reveals a pattern of critical security weaknesses, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which often stem from insufficient input validation in legacy modules. Additionally, several instances of privilege escalation have been documented, allowing unauthorized users to gain administrative control. While the vendor has implemented regular patching cycles to address these issues, the high volume of past exploits highlights the complexity of securing a mature, feature-rich application. Organizations deploying this solution must prioritize rigorous patch management and strict access controls to mitigate the residual risks associated with its extensive attack surface.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-21438 | FAQ articles are shown to users without permission — FAQCWE-264 | 3.5 | Low | 2021-03-22 |
This page lists every published CVE security advisory associated with OTRS AG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.