Bug | jessie | stretch | buster | bullseye | Description |
---|---|---|---|---|---|
CVE-2023-38060 | vulnerable | vulnerable | fixed | vulnerable (no DSA) | Improper Input Validation vulnerability in the ContentType parameter f ... |
CVE-2022-4427 | vulnerable | vulnerable | fixed | vulnerable (no DSA) | Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ... |
CVE-2021-41184 | vulnerable | vulnerable (no DSA) | fixed | vulnerable (no DSA) | jQuery-UI is the official jQuery user interface library. Prior to vers ... |
CVE-2021-41183 | vulnerable | vulnerable (no DSA) | fixed | vulnerable (no DSA) | jQuery-UI is the official jQuery user interface library. Prior to vers ... |
CVE-2021-41182 | vulnerable | vulnerable (no DSA) | fixed | vulnerable (no DSA) | jQuery-UI is the official jQuery user interface library. Prior to vers ... |
CVE-2021-36100 | vulnerable | vulnerable | fixed | vulnerable (no DSA) | Specially crafted string in OTRS system configuration can allow the ex ... |
CVE-2021-36096 | vulnerable | unknown | unknown | unknown | Generated Support Bundles contains private S/MIME and PGP keys if cont ... |
CVE-2021-36094 | vulnerable | unknown | unknown | unknown | It's possible to craft a request for appointment edit screen, which co ... |
CVE-2021-36092 | vulnerable | unknown | unknown | unknown | It's possible to create an email which contains specially crafted link ... |
CVE-2021-36091 | vulnerable | vulnerable (no DSA) | fixed | fixed | Agents are able to list appointments in the calendars without required ... |
CVE-2021-21443 | vulnerable | vulnerable (no DSA) | fixed | fixed | Agents are able to list customer user emails without required permissi ... |
CVE-2021-21441 | vulnerable | vulnerable (no DSA) | fixed | fixed | There is a XSS vulnerability in the ticket overview screens. It's poss ... |
CVE-2021-21440 | vulnerable | vulnerable (no DSA) | fixed | fixed | Generated Support Bundles contains private S/MIME and PGP keys if cont ... |
CVE-2021-21439 | vulnerable | vulnerable (no DSA) | fixed | fixed | DoS attack can be performed when an email contains specially designed ... |
CVE-2021-21435 | vulnerable | fixed | fixed | fixed | Article Bcc fields and agent personal information are shown when custo ... |
CVE-2021-21252 | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | The jQuery Validation Plugin provides drop-in validation for your exis ... |
CVE-2020-11023 | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ... |
CVE-2020-11022 | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ... |
CVE-2020-1776 | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | When an agent user is renamed or set to invalid the session belonging ... |
CVE-2020-1774 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | When user downloads PGP or S/MIME keys/certificates, exported file has ... |
CVE-2020-1773 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | An attacker with the ability to generate session IDs or password reset ... |
CVE-2020-1772 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | It's possible to craft Lost Password requests with wildcards in the To ... |
CVE-2020-1771 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Attacker is able craft an article with a link to the customer address ... |
CVE-2020-1770 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Support bundle generated files could contain sensitive information tha ... |
CVE-2020-1769 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | In the login screens (in agent and customer interface), Username and P ... |
CVE-2020-1767 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Agent A is able to save a draft (i.e. for customer reply). Then Agent ... |
CVE-2020-1766 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Due to improper handling of uploaded images it is possible in very unl ... |
CVE-2020-1765 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An improper control of parameters allows the spoofing of the from fiel ... |
CVE-2019-18180 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Improper Check for filenames with overly long extensions in PostMaster ... |
CVE-2019-18179 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ... |
CVE-2019-16375 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ... |
CVE-2019-13458 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ... |
CVE-2019-12746 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) Community ... |
CVE-2019-12497 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ... |
CVE-2019-12248 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ... |
CVE-2019-11358 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ... |
CVE-2019-10067 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ... |
CVE-2019-9892 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 5.x throu ... |
CVE-2019-9752 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ... |
CVE-2019-9751 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ... |
CVE-2018-20800 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ... |
CVE-2018-19143 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ... |
CVE-2018-19141 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ... |
CVE-2018-11563 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ... |

Bug | Description |
---|---|
CVE-2020-1778 | When OTRS uses multiple backends for user authentication (with LDAP), ... |
CVE-2020-1777 | Agent names that participates in a chat conversation are revealed in c ... |
CVE-2020-1775 | BCC recipients in mails sent from OTRS are visible in article detail o ... |
CVE-2020-1768 | The external frontend system uses numerous background calls to the bac ... |
CVE-2019-13457 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ... |
CVE-2019-10066 | An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ... |
CVE-2019-10065 | An issue was discovered in Open Ticket Request System (OTRS) 7.0 throu ... |
CVE-2019-9753 | An issue was discovered in Open Ticket Request System (OTRS) 7.x befor ... |
CVE-2018-19142 | Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin ... |
CVE-2018-17883 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x bef ... |
CVE-2018-16587 | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ... |
CVE-2018-16586 | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ... |
CVE-2018-14593 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ... |
CVE-2018-10198 | An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is ... |
CVE-2017-17476 | Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5. ... |
CVE-2017-16921 | In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and includin ... |
CVE-2017-16854 | In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ... |
CVE-2017-16664 | Code injection exists in Kernel/System/Spelling.pm in Open Ticket Requ ... |
CVE-2017-15864 | In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x throu ... |
CVE-2017-14635 | In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4 ... |
CVE-2017-9324 | In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through ... |
CVE-2016-9139 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System ... |
CVE-2014-9324 | The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x befo ... |
CVE-2014-2554 | OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 ... |
CVE-2014-2553 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System ... |
CVE-2014-1695 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System ... |
CVE-2014-1694 | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) Cust ... |
CVE-2014-1471 | SQL injection vulnerability in the StateGetStatesByType function in Ke ... |
CVE-2013-4717 | Multiple SQL injection vulnerabilities in Open Ticket Request System ( ... |
CVE-2013-4088 | Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OT ... |
CVE-2013-3551 | Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS ... |
CVE-2013-2625 | An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, ... |
CVE-2012-4751 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System ... |
CVE-2012-4600 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System ... |
CVE-2012-2582 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ... |
CVE-2011-2746 | Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in ... |
CVE-2011-2385 | The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in ... |
CVE-2011-1518 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ... |
CVE-2011-1433 | The (1) AgentInterface and (2) CustomerInterface components in Open Ti ... |
CVE-2011-0456 | webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier al ... |
CVE-2010-4768 | Open Ticket Request System (OTRS) before 2.3.5 does not properly disab ... |
CVE-2010-4767 | Open Ticket Request System (OTRS) before 2.3.6 does not properly handl ... |
CVE-2010-4766 | The AgentTicketForward feature in Open Ticket Request System (OTRS) be ... |
CVE-2010-4765 | Race condition in the Kernel::System::Main::FileWrite method in Open T ... |
CVE-2010-4764 | Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ... |
CVE-2010-4763 | The ACL-customer-status Ticket Type setting in Open Ticket Request Sys ... |
CVE-2010-4762 | Cross-site scripting (XSS) vulnerability in the rich-text-editor compo ... |
CVE-2010-4761 | The customer-interface ticket-print dialog in Open Ticket Request Syst ... |
CVE-2010-4760 | Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notifi ... |
CVE-2010-4759 | Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ... |
CVE-2010-4758 | installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ... |
CVE-2010-4071 | Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2. ... |
CVE-2010-3476 | Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ... |
CVE-2010-2080 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ... |
CVE-2010-0438 | Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in O ... |
CVE-2009-5057 | The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 d ... |
CVE-2009-5056 | Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ... |
CVE-2009-5055 | Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on ... |
CVE-2008-7283 | Open Ticket Request System (OTRS) before 2.2.6, when customer group su ... |
CVE-2008-7282 | Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open T ... |
CVE-2008-7281 | Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing ... |
CVE-2008-7280 | Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Reque ... |
CVE-2008-7279 | The CustomerInterface component in Open Ticket Request System (OTRS) b ... |
CVE-2008-7278 | The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, ... |
CVE-2008-7277 | Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ... |
CVE-2008-7276 | Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) befo ... |
CVE-2008-7275 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ... |
CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototype ... |
CVE-2008-1515 | The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 a ... |
CVE-2007-2524 | Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Re ... |
CVE-2007-2383 | The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ... |