Page 7 of 125 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27. Unos agentes pueden enumerar los correos electrónicos de los usuarios de los clientes sin los permisos requeridos en la pantalla de acciones masivas. Este problema afecta a: OTRS AG ((OTRS)) Community Edition: versión 6.0.x versión 6.0.1 y versiones posteriores. • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2021-13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. Unos Paquetes de Soporte Generados contienen claves privadas S/MIME y PGP si la carpeta que los contiene no está oculta. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versión 6.0.x versión 6.0.1 y versiones posteriores. • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2021-10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions. • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2021-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions. El ataque de DoS puede ser llevado a cabo cuando un correo electrónico contiene una URL especialmente diseñada en el cuerpo. • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2021-09 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions. Los agentes pueden ser capaces de visualizar artículos de FAQ vinculados sin permisos (definidos en la categoría FAQ). Este problema afecta a: FAQ versión 6.0.29 y anteriores, OTRS versión 7.0.24 y anteriores • https://otrs.com/release-notes/otrs-security-advisory-2021-08 • CWE-264: Permissions, Privileges, and Access Controls CWE-276: Incorrect Default Permissions •