The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of OTRS Help Desk

OTRS Help Desk: private key disclosure
An attacker can bypass access restrictions to data in OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1774, DLA-2198-1, OSA-2020-11, VIGILANCE-VUL-32107
OTRS Help Desk: spoofing via Spoofed Draft Messages
An attacker can create spoofed data via Spoofed Draft Messages of OTRS Help Desk, because of jQuery (VIGILANCE-VUL-29030), in order to deceive the victim...
CVE-2019-11358, OSA-2020-05, VIGILANCE-VUL-31545
OTRS Help Desk: unexpired session via SessionMaxIdleTime Ignored
Background tasks are counted for SessionMaxIdleTime of OTRS Help Desk, so an attacker can ensure that his session will never expire...
CVE-2020-1768, VIGILANCE-VUL-31544
OTRS Help Desk: information disclosure via Drafted Messages Spoofing
An attacker can bypass access restrictions to data via Drafted Messages Spoofing of OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1767, DLA-2079-1, OSA-2020-03, VIGILANCE-VUL-31295
OTRS Help Desk: code execution via Uploaded Inline Images SVG Javascript
An attacker can use a vulnerability via Uploaded Inline Images SVG Javascript of OTRS Help Desk, in order to run code...
CVE-2020-1766, DLA-2079-1, openSUSE-SU-2020:0551-1, OSA-2020-02, VIGILANCE-VUL-31294
OTRS Help Desk: information disclosure via From Field Spoofing
An attacker can bypass access restrictions to data via From Field Spoofing of OTRS Help Desk, in order to obtain sensitive information...
CVE-2020-1765, DLA-2079-1, openSUSE-SU-2020:0551-1, OSA-2020-01, VIGILANCE-VUL-31293
OTRS Help Desk: infinite loop via Long Extensions Filenames
An attacker can trigger an infinite loop via Long Extensions Filenames of OTRS Help Desk, in order to trigger a denial of service...
CVE-2019-18180, openSUSE-SU-2020:0551-1, OSA-2019-15, VIGILANCE-VUL-30885
OTRS Help Desk: information disclosure via Ticket List
An attacker can bypass access restrictions to data via Ticket List of OTRS Help Desk, in order to obtain sensitive information...
CVE-2019-18179, DLA-2053-1, openSUSE-SU-2020:0551-1, OSA-2019-14, VIGILANCE-VUL-30884
OTRS: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of OTRS, in order to run JavaScript code in the context of the web site...
CVE-2019-16375, openSUSE-SU-2020:0551-1, OSA-2019-13, VIGILANCE-VUL-30529
OTRS Help Desk: privilege escalation via Session ID Link Sharing
An attacker can bypass restrictions via Session ID Link Sharing of OTRS Help Desk, in order to escalate his privileges...
CVE-2019-12746, DLA-1877-1, openSUSE-SU-2020:0551-1, OSA-2019-10, VIGILANCE-VUL-29758
Our database contains other pages. You can request a free trial to read them.

Display information about OTRS Help Desk: