Computer vulnerabilities of OTRS Help Desk

OTRS Help Desk: information disclosure via Renamed Agent User
An attacker can bypass access restrictions to data via Renamed Agent User of OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1776, OSA-2020-13, VIGILANCE-VUL-32881

OTRS Help Desk: information disclosure via BCC Recipients List
An attacker can bypass access restrictions to data via BCC Recipients List of OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1775, OSA-2020-12, VIGILANCE-VUL-32459

OTRS Help Desk: private key disclosure
An attacker can bypass access restrictions to data in OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1774, DLA-2198-1, OSA-2020-11, VIGILANCE-VUL-32107

jQuery Core: Cross Site Scripting via HtmlPrefilter Regex
An attacker can trigger a Cross Site Scripting via HtmlPrefilter Regex of jQuery Core, in order to run JavaScript code in the context of the web site...
20200601, 20200602, 20200603, 20200604, 20200605, 6217392, 6253319, 6344075, CERTFR-2020-AVI-310, CERTFR-2020-AVI-335, cpujul2020, cpuoct2020, CVE-2020-11022, CVE-2020-11023, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, DSA-4693-1, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-7dddce530c, FEDORA-2020-8a15713da2, FEDORA-2020-fbb94073a1, K02453220, K66544153, NPM-1518, openSUSE-SU-2020:1060-1, openSUSE-SU-2020:1106-1, OSA-2020-14, RHSA-2020:3936-01, VIGILANCE-VUL-32007

OTRS Help Desk: spoofing via Spoofed Draft Messages
An attacker can create spoofed data via Spoofed Draft Messages of OTRS Help Desk, because of jQuery (VIGILANCE-VUL-29030), in order to deceive the victim...
CVE-2019-11358, OSA-2020-05, VIGILANCE-VUL-31545

OTRS Help Desk: unexpired session via SessionMaxIdleTime Ignored
Background tasks are counted for SessionMaxIdleTime of OTRS Help Desk, so an attacker can ensure that his session will never expire...
CVE-2020-1768, VIGILANCE-VUL-31544

OTRS Help Desk: information disclosure via Drafted Messages Spoofing
An attacker can bypass access restrictions to data via Drafted Messages Spoofing of OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1767, DLA-2079-1, OSA-2020-03, VIGILANCE-VUL-31295

OTRS Help Desk: code execution via Uploaded Inline Images SVG Javascript
An attacker can use a vulnerability via Uploaded Inline Images SVG Javascript of OTRS Help Desk, in order to run code...
CVE-2020-1766, DLA-2079-1, openSUSE-SU-2020:0551-1, openSUSE-SU-2020:1475-1, OSA-2020-02, VIGILANCE-VUL-31294

OTRS Help Desk: information disclosure via From Field Spoofing
An attacker can bypass access restrictions to data via From Field Spoofing of OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1765, DLA-2079-1, openSUSE-SU-2020:0551-1, openSUSE-SU-2020:1475-1, OSA-2020-01, VIGILANCE-VUL-31293

OTRS Help Desk: infinite loop via Long Extensions Filenames
An attacker can trigger an infinite loop via Long Extensions Filenames of OTRS Help Desk, in order to trigger a denial of service...
CVE-2019-18180, openSUSE-SU-2020:0551-1, openSUSE-SU-2020:1475-1, OSA-2019-15, VIGILANCE-VUL-30885

Our database contains other pages. You can request a free trial to read them.

Display information about OTRS Help Desk:

https://community.otrs.com/