CVE-2021-36100: OS Command Injection in AG Community Edition

Severity: 8.8 HIGH (NVD), 6.4 (CNA)
EPSS: 0.7% (top 27.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 21
Latest update: Mar 22

Description

Specially crafted string in OTRS system configuration can allow the execution of any system command.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

CVEListV5  otrs_ag/systemmonitoring  6.0.1  6.0.x*  +2
NVD  otrs/otrs  7.0.30  7.0.33  +2
NVD  otrs/otrs_itsm  8.0.0  8.0.28  +1
NVD  otrs/otrs_storm  < 8.0.12
CVEListV5  otrs_ag/otrsstorm  6.0.1  6.0.x*  +2

Vulnerability Details (3)

GHSA
GHSA-9jrh-x229-v96c: Specially crafted string in OTRS system configuration can allow the execution of any system command (2022-03-22)
CVEList
Authenticated remote code execution (2022-03-21)
OSV
CVE-2021-36100: Specially crafted string in OTRS system configuration can allow the execution of any system command (2022-03-21)

Vendor Advisories (1)

Debian
CVE-2021-36100: otrs2 - Specially crafted string in OTRS system configuration can allow the execution of... (2021)