Security Advisories

Subscribe to the "announcement" mailing list to stay up-to-date about releases and security updates.

Release name	Release date	Titel	References	Risk level	Details
OTRS Security Advisory 2019-01	01/18/2019	Stored XSS	CVE-2019-9752	LOW	January 18, 2019 — Security Advisory Details ID: OSA-2019-01 Date: 2019-01-18 Title: Stored XSS Severity: 3.2. low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.4, OTRS 6.0.16, OTRS 5.0.34read more
OTRS Security Advisory 2019-02	03/01/2019	XSS	CVE-2019-9751	LOW	March 01, 2019 — Security Advisory Details ID: OSA-2019-02 Date: 2019-03-01 Title: XSS Severity: 3.2 low Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.5, OTRS 6.0.17 FULL CVSS v3 VECTOR: CVSS read more
OTRS Security Advisory 2019-03	03/08/2019	Information Disclosure	CVE-2019-9753	LOW	March 08, 2019 — Security Advisory Details ID: OSA-2019-03 Date: 2019-03-08 Title: Information Disclosure Severity: 3.1. low Product: OTRS 7.0.x, ITSMConfigurationManagement 7.0.x Fixed in: OTRS 7.0.5, ITSMCo read more
OTRS Security Advisory 2019-04	04/26/2019	XXE Processing	CVE-2019-9892	MEDIUM	April 26, 2019 — Security Advisory Details ID: OSA-2019-04 Date: 2019-04-26 Title: XXE Processing Severity: 6.1 medium Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.7, OTRS 6.0.18, OTRS 5.0.3 read more
OTRS Security Advisory 2019-05	04/26/2019	Reflected and Stored XSS	CVE-2019-10067	LOW	April 26, 2019 — Security Advisory Details ID: OSA-2019-05 Date: 2019-04-26 Title: Reflected and Stored XSS Severity: 3.1 low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.7, OTRS 6.0.18, OTR read more
OTRS Security Advisory 2019-06	04/26/2019	Stored XSS	CVE-2019-10066	LOW	April 26, 2019 — Security Advisory Details ID: OSA-2019-06 Date: 2019-04-26 Title: Stored XSS Severity: 3.7 low Product: OTRS 7.0.x, OTRS 6.0.x, OTRSAppointmentCalendar 5.0.x Fixed in: OTRS 7.0.7, OTRS 6.0.18 read more
OTRS Security Advisory 2019-07	04/26/2019	Information Disclosure	CVE-2019-10065	LOW	April 26, 2019 — Security Advisory Details ID: OSA-2019-07 Date: 2019-04-26 Title: Information Disclosure Severity: 3.1. low Product: OTRS 7.0.x Fixed in: OTRS 7.0.7 FULL CVSS v3 VECTOR: CVSS:3.0/ read more
OTRS Security Advisory 2019-08	05/31/2019	Loading External Image Resources	CVE-2019-12248	LOW	May 31, 2019 — Security Advisory Details ID: OSA-2019-08 Date: 2019-05-31 Title: Loading External Image Resources Severity: 3.5. low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.8, OTRS 6.0. read more
OTRS Security Advisory 2019-09	05/31/2019	Information Disclosure	CVE-2019-12497	LOW	May 31, 2019 — Security Advisory Details ID: OSA-2019-09 Date: 2019-05-31 Title: Information Disclosure Severity: 2.8. low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.8, OTRS 6.0.19, OTRS 5 read more
OTRS Security Advisory 2019-10	07/12/2019	Information Disclosure	CVE-2019-12746	LOW	July 12, 2019 — Security Advisory Details ID: OSA-2019-10 Date: 2019-07-12 Title: Information Disclosure Severity: 3.1. low Product: OTRS 6.0.x, OTRSBusiness 6.0.x, OTRS 5.0.x Fixed in: OTRS 6.0.20, OTRSBusin read more
OTRS Security Advisory 2019-11	07/12/2019	Information Disclosure	CVE-2019-13457	LOW	July 12, 2019 — Security Advisory Details ID: OSA-2019-11 Date: 2019-07-12 Title: Information Disclosure Severity: 3.8. low Product: OTRS 7.0.x Fixed in: OTRS 7.0.9 FULL CVSS v3 VECTOR: CVSS:3.0/A read more
OTRS Security Advisory 2019-12	07/12/2019	Information Disclosure	CVE-2019-13458	LOW	July 12, 2019 — Security Advisory Details ID: OSA-2019-12 Date: 2019-07-12 Title: Information Disclosure Severity: 2.4. low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.9, OTRS 6.0.20, OTRS read more
OTRS Security Advisory 2019-13	10/04/2019	Stored XSS	CVE-2019-16375	LOW	October 04, 2019 — Security Advisory Details ID: OSA-2019-13 Date: 2019-09-03 Title: Stored XSS Severity: 3.2 Low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.12, OTRS 6.0.23, OTRS 5.0.38read more
OTRS Security Advisory 2019-14	11/15/2019	Information Disclosure	CVE-2019-18179	LOW	November 15, 2019 — Security Advisory Details ID: OSA-2019-14 Date: 2019-11-15 Title: Information Disclosure Severity: Low Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.13, OTRS 6.0.24, OTRS read more
OTRS Security Advisory 2019-15	11/15/2019	Denial of service	CVE-2019-18180	MEDIUM	November 15, 2019 — Security Advisory Details ID: OSA-2019-15 Date: 2019-11-15 Title: Denial of service Severity: Medium Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.13, OTRS 6.0.24, OTRS 5. read more
OTRS Security Advisory 2020-01	01/10/2020	Spoofing of From field in several screens	CVE-2020-1765	LOW	January 10, 2020 — Security Advisory Details ID: OSA-2020-01 Date: 2020-01-10 Title: Spoofing of From field in several screens Severity: 3.5. LOW Product: OTRS 7.0.x, ((OTRS)) Community Edition 6.0.x, ((OTRS)) Community Edition 5.0.x Fixed in: read more
OTRS Security Advisory 2020-02	01/10/2020	Improper handling of uploaded inline images	CVE-2020-1766	LOW	January 10, 2020 — Security Advisory Details ID: OSA-2020-02 Date: 2020-01-10 Title: Improper handling of uploaded inline images Severity: 2.0 LOW Product: OTRS 7.0.x, ((OTRS)) Community Edition 6.0.x, ((OTRS)) Community Edition 5.0.x Fixed in read more
OTRS Security Advisory 2020-03	01/10/2020	Possible to send drafted messages as wrong agent	CVE-2020-1767	LOW	January 10, 2020 — ID: OSA-2020-03 Date: 2020-01-10 Title: Possible to send drafted messages as wrong agent Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.14, OTRS 6.0.25 FULL CVSS v3.1 VECTOR: CVSS:3. read more
OTRS Security Advisory 2020-04	02/07/2020	External interface does not invalidate user session	CVE-2020-1768	MEDIUM	February 07, 2020 — ID: OSA-2020-04 Date: 2020-02-07 Title: External interface does not invalidate user session Sev read more
OTRS Security Advisory 2020-05	02/07/2020	Vulnerability in third-party library - jquery	CVE-2019-11358	MEDIUM	February 07, 2020 — uid OTRS Security Team <security@otrs.org> ID: OSA-2020-05 Date: 2020-02-07 Title: Vulnerability in third-party library - jquery Severity: Medium Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.15, OTRS 6.0.26 FULL CVSS v3.0 VECTOR: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N< read more
OTRS Security Advisory 2020-06	03/27/2020	Autocomplete in the form login screens	CVE-2020-1769	LOW	March 27, 2020 — ID: OSA-2020-06 Date: 2020-03-27 Title: Autocomplete in the form login screens Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.16, OTRS 6.0.27, OTRS 5.0.42 FULL CVSS VECTOR: read more
OTRS Security Advisory 2020-07	03/27/2020	Information disclosure in support bundle files	CVE-2020-1770	LOW	March 27, 2020 — ID: OSA-2020-07 Date: 2020-03-27 Title: Information disclosure in support bundle files Severity: 2.4 LOW Product: OTRS 7.0.x, OTRS 6.0.x OTRS 5.0.x Fixed in: OTRS 7.0.16, OTRS 6.0.27, OTRS 5.0.42 FULL CVSS read more
OTRS Security Advisory 2020-08	03/27/2020	Possible XSS in Customer user address book	CVE-2020-1771	MEDIUM	March 27, 2020 — ID: OSA-2020-08 Date: 2020-03-27 Title: Possible XSS in Customer user address book Severity: 4.6 MEDIUM Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.16, OTRS 6.0.27 FULL CVSS VECTOR: CVSS:3.1/AV:N/AC: read more
OTRS Security Advisory 2020-09	03/27/2020	Information Disclosure	CVE-2020-1772	MEDIUM	March 27, 2020 — ID: OSA-2020-09 Date: 2020-03-27 Title: Information Disclosure Severity: 6.5 MEDIUM Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.16, OTRS 6.0.27, 5.0.42 FULL CVSS VECTOR: CVSS:3.1/AV:N/AC: read more
OTRS Security Advisory 2020-10	03/27/2020	Session / Password token leak	CVE-2020-1773	HIGH	March 27, 2020 — ID: OSA-2020-10 Date: 2020-03-27 Title: Session / Password token leak Severity: 7.3 HIGH Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.16, OTRS 6.0.27, 5.0.42 FULL CVSS VECTOR: CVSS:3.1/AV: read more
OTRS Security Advisory 2020-11	04/27/2020	Information disclosure	CVE-2020-1774	MEDIUM	April 27, 2020 — ID: OSA-2020-11 Date: 2020-04-24 Title: Information disclosure Severity: 4.5 MEDIUM Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x Fixed in: OTRS 7.0.17, OTRS 6.0.28 FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/U read more
OTRS Security Advisory 2020-12	06/08/2020	Information disclosure	CVE-2020-1775	LOW	June 08, 2020 — ID: OSA-2020-12 Date: 2020-06-08 Title: Information disclosure Severity: 3.5. LOW Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 7.0.18, OTRS 8.0.4 FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/ read more
OTRS Security Advisory 2020-13	07/20/2020	Invalidating or changing user does not invalidate session	CVE-2020-1776	LOW	July 20, 2020 — ID: OSA-2020-13 Date: 2020-07-20 Title: Invalidating or changing user does not invalidate session Severity: 3.5 LOW Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.5 OTRS 7.0.19, OTRS 6.0.29 F read more
OTRS Security Advisory 2020-14	10/12/2020	Vulnerability in third-party library - jquery	CVE-2020-11023, CVE-2020-11022	MEDIUM	October 12, 2020 — ID: OSA-2020-14 Date: 2020-10-12 Title: Vulnerability in third-party library - jquery Severity: 6.3 MEDIUM, 6.5 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.7, OTRS 7.0.22, OTRS 6.0.30 read more
OTRS Security Advisory 2020-15	10/12/2020	Agent names disclosed in chat feature.	CVE-2020-1777	MEDIUM	October 12, 2020 — ID: OSA-2020-15 Date: 2020-10-12 Title: Agent names disclosed in chat feature. Severity: 4.3 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.7, OTRS 7.0.22 FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/P read more
OTRS Security Advisory 2020-16	11/23/2020	Bypassing user account validation	CVE-2020-1778	MEDIUM	November 23, 2020 — ID: OSA-2020-16 Date: 2020-11-23 Title: Bypassing user account validation Severity: Medium Product: OTRS 8.0.9 Fixed in: OTRS 8.0.10 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:Nread more
Attention! Maximum security risk with OTRS 4 and OTRS 5!	12/23/2020			HIGH	Please read carefully and check if the version of your OTRS system is affected. Please be aware that OTRS 4 / OTRS 5 contains several severe security vulnerabilities, which could lead to GDPR related resource claims for you, when used. This release reached end of life and support and, there have been no further security updates since MAR 27th, 2020. Product Affected: OTRS 4, OTRS 5, ((OTRS)) Community Edition 4, ((OTRS)) Community Edition 5 read more
Attention! Security risk with OTRS 6!	12/23/2020			HIGH	Please read carefully and check if the version of your OTRS system is affected. OTRS 6 has reached end of life and there will be no further security updates after JAN 1st, 2021. We want to point out that using the software exposes you to a high security risk! Product Affected: OTRS 6, ((OTRS)) Community Edition 6 read more
OTRS Security Advisory 2021-01	02/08/2021	XSS	CVE-2021-21434	LOW	ID: OSA-2021-01 Date: 2021-02-08 Title: XSS Severity: 3.5 LOW Product: Survey 7.0.x, Survey 6.0.x Fixed in: Survey 7.0.20 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N References: CVE-2021- read more
OTRS Security Advisory 2021-02	02/08/2021	Information exposure in PDF export	CVE-2021-21435	MEDIUM	ID: OSA-2021-02 Date: 2021-02-08 Title: Information exposure in PDF export Severity: 5.7 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.11, OTRS 7.0.24 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/U read more
OTRS Security Advisory 2021-03	02/08/2021	Dynamic templates reveal sensitive data when OTRS tags are used	CVE-2020-1779	MEDIUM	ID: OSA-2021-03 Date: 2021-02-08 Title: Dynamic templates reveal sensitive data when OTRS tags are used Severity: 4.3. MEDIUM Product: OTRSTicketForms 6.0.40, OTRSTicketForms 7.0.29 and OTRSTicketForms 8.0.3 Fixed in: OTRSTicketForms 7 read more
OTRS Security Advisory 2021-04	02/08/2021	Agent is able to link customer's Config Items without permission	CVE-2021-21436	LOW	ID: OSA-2021-04 Date: 2021-02-08 Title: Agent is able to link customer's Config Items without permission Severity: 3.5 LOW Product: OTRSCIsInCustomerFrontend 7.0.14 Fixed in: OTRSCIsInCustomerFrontend 7.0.15 FULL CVSS v3.1 read more
OTRS Security Advisory 2021-05	02/08/2021	Several Vulnerabilites in CKEditor	CVE-2018-17960	MEDIUM	ID: OSA-2021-05 Date: 2021-02-08 Title: Several Vulnerabilites in CKEditor Severity: 5.5 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.11, OTRS 7.0.24 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/U read more
OTRS Security Advisory 2021-06	03/22/2021	ReDoS vulnerability in thirdparty library (jquery-validate)	CVE-2021-21252	MEDIUM	ID: OSA-2021-06 Date: 2021-03-22 Title: ReDoS vulnerability in thirdparty library (jquery-validate) Severity: 5.3 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.12, OTRS 7.0.25 FULL CVSS v3.1 VECTOR: read more
OTRS Security Advisory 2021-07	03/22/2021	Config Items are shown to users without permission	CVE-2021-21437	LOW	ID: OSA-2021-07 Date: 2021-03-22 Title: Config Items are shown to users without permission Severity: 3.5 LOW Product: ITSMConfigurationManagement 7.0.24 and OTRSCIsInCustomerFrontend 7.0.15 Fixed in: ITSMConfigurationManagement 7.0.25 read more
OTRS Security Advisory 2021-08	03/22/2021	FAQ articles are shown to users without permission	CVE-2021-21438	LOW	ID: OSA-2021-08 Date: 2021-03-22 Title: FAQ articles are shown to users without permission Severity: 3.5 LOW Product: OTRS 7.0.24, and FAQ 6.0.29 Fixed in: OTRS 7.0.25 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U read more
OTRS Security Advisory 2021-09	06/14/2021	Possible DoS attack using a special crafted URL in email body	CVE-2021-21439	MEDIUM	ID: OSA-2021-09 Date: 2021-06-14 Title: Possible DoS attack using a special crafted URL in email body Severity: 6.5 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, Fixed in: OTRS 8.0.14, OTRS 7.0.27 FULL CVSS v3.1 VECTOR: CVSS:3.1/ read more
OTRS Security Advisory 2021-11	06/16/2021	XSS in the ticket overview screens	CVE-2021-21441	HIGH	ID: OSA-2021-11 Date: 2021-06-16 Title: XSS in the ticket overview screens Severity: 7.5 HIGH Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.27 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N read more
OTRS Security Advisory 2021-10	07/26/2021	Support Bundle includes S/Mime and PGP keys and secrets	CVE-2021-21440, CVE-2021-36096	MEDIUM	ID: OSA-2021-10 Date: 2021-07-26 (initial), 2021-09-06 (update) Title: Support Bundle includes S/Mime and PGP keys and secrets Severity: 5.2 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.16, OTRS 7.0.29 FULL CVS read more
OTRS Security Advisory 2021-12	07/26/2021	Accounting	CVE-2021-21442	MEDIUM	ID: OSA-2021-12 Date: 2021-07-26 Title: XSS vulnerability in Time Accounting Severity: 4.5. MEDIUM Product: TimeAccounting 7.0.x Fixed in: TimeAccounting 7.0.20 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I: read more
OTRS Security Advisory 2021-13	07/26/2021	Unautorized listing of the customer user emails	CVE-2021-21443	LOW	ID: OSA-2021-13 Date: 2021-07-26 Title: Unautorized listing of the customer user emails Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 6.0.x, Fixed in: OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I: read more
OTRS Security Advisory 2021-14	07/26/2021	Unautorized access to the calendar appointments	CVE-2021-36091	LOW	ID: OSA-2021-14 Date: 2021-07-26 Title: Unautorized access to the calendar appointments Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N read more
OTRS Security Advisory 2021-15	07/26/2021	XSS attack using special link in email	CVE-2021-36092	MEDIUM	ID: OSA-2021-15 Date: 2021-07-26 Title: XSS attack using special link in email Severity: 6.5 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.15, OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR read more
OTRS Security Advisory 2021-16	09/06/2021	DoS attack using PostMaster filters	CVE-2021-36093	MEDIUM	ID: OSA-2021-16 Date: 2021-09-06 Title: DoS attack using PostMaster filters Severity: 5.3 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.16, OTRS 7.0.29 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N read more
OTRS Security Advisory 2021-17	09/06/2021	XSS attack in appointment edit popup screen	CVE-2021-36094	MEDIUM	ID: OSA-2021-17 Date: 2021-09-06 Title: XSS attack in appointment edit popup screen Severity: 5.7. MEDIUM Product: OTRS 7.0.x Fixed in: OTRS 7.0.29 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N read more
OTRS Security Advisory 2021-18	09/06/2021	User enumeration issue using "lost password" feature	CVE-2021-36095	MEDIUM	ID: OSA-2021-18 Date: 2021-09-06 Title: User enumeration issue using "lost password" feature Severity: 5.3 MEDIUM Product: OTRS 7.0.x Fixed in: OTRS 7.0.29 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N read more
OTRS Security Advisory 2021-19	10/18/2021	Regular Expression Denial of Service in postcs	CVE-2021-23368	MEDIUM	ID: OSA-2021-19 Date: 2021-10-18 Title: Regular Expression Denial of Service in postcs Severity: 5.3 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.17, OTRS 7.0.30 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/U read more
OTRS Security Advisory 2021-20	10/18/2021	Agents are able to lock the ticket without the "Owner" permission	CVE-2021-36097	LOW	ID: OSA-2021-20 Date: 2021-10-18 Title: Agents are able to lock the ticket without the "Owner" permission Severity: 3.5 LOW Product: OTRS 8.0.x Fixed in: OTRS 8.0.17 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C read more
OTRS Security Advisory 2022-01	02/07/2022	Dynamic field error message is vulnerable to XSS	CVE-2022-0473	LOW	ID: OSA-2022-01 Date: 2021-02-07 Title: Dynamic field error message is vulnerable to XSS Severity: 3.8 LOW Product: OTRS 7.0.x Fixed in: OTRS 7.0.32 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N read more
OTRS Security Advisory 2022-02	02/07/2022	Disclosure of mail addresses	CVE-2022-0474	LOW	ID: OSA-2022-02 Date: 2022-02-07 Title: Disclosure of mail addresses Severity: 2.4 LOW Product: OTRSCustomContactFields 8.0.x, Fixed in: OTRS 8.0.12 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N read more
OTRS Security Advisory 2022-04	02/07/2022	Several vulnerabilities in third-party npm modules	CVE-2021-3803 / CVE-2021-3807 / CVE-2021-23368	MEDIUM	ID: OSA-2022-04 Date: 2022-02-07 Title: Several vulnerabilities in third-party npm modules Severity: 5.8 MEDIUM Product: OTRS 8.0.x Fixed in: OTRS 8.0.19 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:Lread more
OTRS Security Advisory 2022-03	03/21/2022	Authenticated remote code execution	CVE-2021-36100	MEDIUM	ID: OSA-2022-03 Date: 2022-03-21 Title: Authenticated remote code execution Severity: 6.4 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRSSTORM 8.0.x, OTRSSTORM 7.0.x, OTRSSTORM 6.0.x, SystemMonitoring 8.0.x, SystemMonitoring 7.0.x, SystemMonitoring 6 read more
OTRS Security Advisory 2022-05	03/21/2022	Possible XSS attack via translation	CVE-2022-0475	LOW	ID: OSA-2022-05 Date: 2022-03-21 Title: Possible XSS attack via translation Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.33, OTRS 8.0.20 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I: read more
OTRS Security Advisory 2022-06	03/21/2022	Information disclosure in the External Interface	CVE-2022-1004	MEDIUM	ID: OSA-2022-06 Date: 2022-03-21 Title: Information disclosure in the External Interface Severity:4.3 MEDIUM Product: OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.33, OTRS 8.0.20 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/ read more
OTRS Security Advisory 2022-07	06/13/2022	OTRS version number is always in the exported ICS files	CVE-2022-32739	LOW	ID: OSA-2022-07 Date: 2022-06-13 Title: OTRS version number is always in the exported ICS files Severity: 3.5. LOW Product: OTRS 8.0.x, OTRS 7.0.x, OTRSCalendarResourcePlanning 8.0.x, OTRSCalendarResourcePlanning 7.0.x. Fixed in: OTRS read more
OTRS Security Advisory 2022-08	06/13/2022	Information disclosure in the External Interface	CVE-2022-32740	LOW	ID: OSA-2022-08 Date: 2022-06-13 Title: Information disclosure in the External Interface Severity: 3.5 LOW Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.23, OTRS 7.0.35, FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/U read more
OTRS Security Advisory 2022-09	06/13/2022	Information disclosure in Request New Password feature	CVE-2022-32741	MEDIUM	ID: OSA-2022-09 Date: 2022-06-13 Title: Information disclosure in Request New Password feature Severity: 5.3. MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.23, OTRS 7.0.35, FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/A read more
OTRS Security Advisory 2022-10	09/05/2022	Possible XSS in Admin Interface	CVE-2022-39049	LOW	ID: OSA-2022-10 Date: 2022-09-05 Title: Possible XSS in Admin Interface Severity: 3.5 LOW Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.37, OTRS 8.0.25 FULL CVSS v3.1 VECTOR: read more
OTRS Security Advisory 2022-11	09/05/2022	Possible XSS stored in customer information	CVE-2022-39050	MEDIUM	ID: OSA-2022-11 Date: 2022-09-05 Title: Possible XSS stored in customer information Severity: 4.6. MEDIUM Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.37, OTRS 8.0.25 FULL CVSS v3.1 V read more
OTRS Security Advisory 2022-12	09/05/2022	Perl Code execution in Template Toolkit	CVE-2022-39051	MEDIUM	ID: OSA-2022-12 Date: 2022-09-05 Title: Perl Code execution in Template Toolkit Severity: 6.8 MEDIUM Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 8.0.25, OTRS 7.0.37, FULL CVSS v3.1 VECTO read more
OTRS Security Advisory 2022-13	10/17/2022	DoS attack using email	CVE-2022-39052	HIGH	ID: OSA-2022-13 Date: 2022-10-17 Title: DoS attack using email Severity: 7.5.HIGH Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.26, OTRS 7.0.39, FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H read more
OTRS Security Advisory 2022-14	10/17/2022	Information exposure of template content due to missing check of permissions	CVE-2022-3501	LOW	ID: OSA-2022-14 Date: 2022-10-17 Title: Information exposure of template content due to missing check of permissions Severity: 3.5 LOW Product: OTRS 8.0.x Fixed in: OTRS 8.0.26 FULL CVSS v3.1 VECTOR: CVSS: CVSS:3.1/AV:N/AC: read more
OTRS Security Advisory 2022-15	12/19/2022	Improper Input Validation vulnerability in OTRS and ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice	CVE-2022-4427	MEDIUM	ID: OSA-2022-15 Date: 2022-12-19 Title: SQL Injection via OTRS Search API Severity: 6.5. MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.28 Patch 1 or OTRS 7.0.40 Patch 1 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/ read more
OTRS Security Advisory 2023-01	03/20/2023	Possible XSS in Ticket Actions	CVE-2023-1248	MEDIUM	ID: OSA-2023-01 Date: 2023-03-20 Title: Possible XSS in Ticket Actions Severity: 5.4 MEDIUM Product: OTRS 7.0.x Fixed in: OTRS 7.0.42 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Reference read more
OTRS Security Advisory 2023-02	03/20/2023	Code execution through ACL creation	CVE-2023-1250	HIGH	ID: OSA-2023-02 Date: 2023-03-20 Title: Code execution through ACL creation Severity: 7.4 HIGH Product: OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.42, OTRS 8.0.31 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I read more
OTRS Security Advisory 2023-03	05/08/2023	Information disclouse and DoS via websocket push events	CVE-2023-2534	HIGH	ID: OSA-2023-03 Date: 2023-05-08 Title: Information disclouse and DoS via websocket push events Severity: 7.6 HIGH Product: OTRS 8.0.x Fixed in: OTRS 8.0.32 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A: read more
OTRS Security Advisory 2023-04	07/24/2023	Host header injection by attachments in web service	CVE-2023-38060	MEDIUM	ID: OSA-2023-04 Date: 2023-07-24 Title: Host header injection by attachments in web service Severity: 6.3 MEDIUM Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.45, OTRS 8.0.35 CVSS:3.1/ read more
OTRS Security Advisory 2023-05	07/24/2023	Code execution via System Configuration	CVE-2023-38056	HIGH	D: OSA-2023-05 Date: 2023-07-24 Title: Code execution via System Configuration Severity: 7.2 HIGH Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x Fixed in: OTRS 7.0.45, OTRS 8.0.35 CVSS:3.1/AV:N/AC:L/PR:H/ read more
OTRS Security Advisory 2023-06	07/24/2023	Possible XSS stored in survey answers	CVE-2023-38057	MEDIUM	ID: OSA-2023-06 Date: 2023-07-24 Title: Possible XSS stored in survey answers Severity: 4.1 MEDIUM Product: Survey 6.0.x, Survey 7.0.x, Survey 8.0.x Fixed in: Survey 7.0.32, Survey 8.0.13 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C: read more
OTRS Security Advisory 2023-07	07/24/2023	Tickets can be moved without permission	CVE-2023-38058	MEDIUM	ID: OSA-2023-07 Date: 2023-07-24 Title: Tickets can be moved without permission Severity: 4.1 MEDIUM Product: OTRS 8.0.x Fixed in: OTRS 8.0.35 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N References: CVE-2023-38 read more
Release name	Release date	Titel	References	Risk level	Excerpt

OTRS Security Advisory 2023-07