CVE-2021-21439 — Improper Check for Unusual or Exceptional Conditions in AG Community Edition

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-755 — Improper Handling of Exceptional Conditions5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 42.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs Otrs AG Otrs

Timeline

PublishedJun 14

Latest updateMay 24

Description

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶NVDotrs/otrs7.0.0 — 7.0.27+2

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.26+1

🔴Vulnerability Details

GHSA

GHSA-58p7-gj75-3437: DoS attack can be performed when an email contains specially designed URL in the body↗2022-05-24

▶

CVEList

Possible DoS attack using a special crafted URL in email body↗2021-06-14

▶

OSV

CVE-2021-21439: DoS attack can be performed when an email contains specially designed URL in the body↗2021-06-14

▶

📋Vendor Advisories

Debian

CVE-2021-21439: otrs2 - DoS attack can be performed when an email contains specially designed URL in the...↗2021

▶