CVE-2021-21435
published 2021-02-08CVE-2021-21435: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS…
PriorityP432medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EPSS
1.27%
66.3th percentile
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | — | — |
| otrs | otrs | 6.0.0 – 6.0.30 | — |
| otrs | otrs | 7.0.0 – 7.0.23 | — |
| otrs | otrs | 8.0.0 – 8.0.10 | — |
| otrs_ag | otrs | 7.0.x – 7.0.23 | — |
| otrs_ag | otrs | 8.0.x – 8.0.10 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv6.5MEDIUM
vendor_debian5.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mx9p-p4m9-xg4c: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface
ghsa_unreviewed·2022-05-24
CVE-2021-21435 [MEDIUM] CWE-200 GHSA-mx9p-p4m9-xg4c: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
OSV
CVE-2021-21435: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface
osv·2021-02-08·CVSS 6.5
CVE-2021-21435 [MEDIUM] CVE-2021-21435: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
Debian
CVE-2021-21435: otrs2 - Article Bcc fields and agent personal information are shown when customer prints...
vendor_debian·2021·CVSS 5.7
CVE-2021-21435 [MEDIUM] CVE-2021-21435: otrs2 - Article Bcc fields and agent personal information are shown when customer prints...
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
Scope: local
bullseye: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-02-08
Published