1 results (0.003 seconds)
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21436 – Agent is able to link customer's Config Items without permission
https://notcve.org/view.php?id=CVE-2021-21436
08 Feb 2021 — Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions. Unos agentes son capaces de visualizar y vincular elementos de configuración sin permisos, que son definidos en el catálogo general. Este problema afecta a: OTRSCIsInCustomerFrontend de OTRS AG versiones 7.0.x versión 7.0.14 y versiones anteriores • https://otrs.com/release-notes/otrs-security-advisory-2021-04 • CWE-264: Permissions, Privileges, and Access Controls CWE-276: Incorrect Default Permissions •