CVE-2021-36091
Published 2021-07-26
Priority: P4 · 20 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.73% (49.5th percentile)
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 6.0.32-6 (bullseye) | otrs2 6.0.32-6 (bullseye) |
| otrs | otrs | >= 6.0.0 < 6.0.32 | 6.0.32 |
| otrs | otrs | >= 7.0.0 < 7.0.28 | 7.0.28 |
| otrs_ag | community_edition | >= 6.0.1 < 6.0.x* | 6.0.x* |
| otrs_ag | otrs | >= 7.0.x < 7.0.27 | 7.0.27 |
CVSS provenance
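| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 3.5 | LOW | |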
Debian
CVE-2021-36091: otrs2 - Agents are able to list appointments in the calendars without required permissio...
vendor_debian·2021·CVSS 3.5
CVE-2021-36091 [LOW]
Scope: local
bullseye: resolved (fixed in 6.0.32-6)
GHSA
GHSA-mxpc-p9xr-9j86: Agents are able to list appointments in the calendars without required permissions
ghsa_unreviewed·2022-05-24
CVE-2021-36091 [MEDIUM] CWE-200
OSV
CVE-2021-36091: Agents are able to list appointments in the calendars without required permissions
osv·2021-07-26·CVSS 4.3
CVE-2021-36091 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-26