📦 OTRS

by OTRS



⚠️ Known Vulnerabilities

CVE-2023-6254

HIGH CVSS 8.1 Nov 27, 2023

This vulnerability in OTRS AgentInterface and ExternalInterface allows attackers to read plain text passwords that are inadvertently sent back to clients in server responses. It affects OTRS installat...

CVE-2023-5422

HIGH CVSS 8.7 Oct 16, 2023

This vulnerability in OTRS and OTRS Community Edition allows attackers to intercept email communications by using invalid or expired SSL/TLS certificates. The software fails to properly verify certifi...

CVE-2023-38056

HIGH CVSS 7.2 Jul 24, 2023

This vulnerability allows authenticated OTRS administrators to execute arbitrary commands on the server through improper input sanitization in the System Configuration module. It affects OTRS versions...

CVE-2023-2534

HIGH CVSS 7.6 May 8, 2023

An improper authorization vulnerability in OTRS 8's Websocket API backend allows authenticated agents to track user behavior and gain live system insights. Attackers can correlate user IDs with real n...

CVE-2023-1250

HIGH CVSS 7.4 Mar 20, 2023

This vulnerability allows local attackers to execute arbitrary code on OTRS systems by injecting malicious code into ACL module comments or names during creation or import. It affects OTRS AG OTRS and...

CVE-2013-4717

HIGH CVSS 8.8 Aug 9, 2021

Multiple SQL injection vulnerabilities in OTRS Help Desk allow authenticated users to execute arbitrary SQL commands. This affects OTRS versions 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x bef...

CVE-2025-24387

MEDIUM CVSS 4.8 Mar 10, 2025

This vulnerability in OTRS Application Server allows session hijacking due to insecure cookie settings in HTTPS sessions. Attackers can steal authentication cookies via cross-site requests, potentiall...

CVE-2024-23794

MEDIUM CVSS 5.2 Jul 15, 2024

An incorrect privilege assignment vulnerability in OTRS allows agents with read-only permissions to gain full access to tickets in rare configurations. This privilege escalation occurs when an admin h...