cbcvebase.
CVE-2021-21435
published 2021-02-08

CVE-2021-21435: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS…

PriorityP432medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EPSS
1.27%
66.3th percentile
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianotrs2
otrsotrs6.0.0 – 6.0.30
otrsotrs7.0.0 – 7.0.23
otrsotrs8.0.0 – 8.0.10
otrs_agotrs7.0.x – 7.0.23
otrs_agotrs8.0.x – 8.0.10

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv6.5MEDIUM
vendor_debian5.7LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.