OTRS AG Community Edition vulnerabilities
45 known vulnerabilities affecting otrs_ag/community_edition.
Total CVEs: 45
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 3, HIGH: 10, MEDIUM: 30, LOW: 2
Vulnerabilities
Page 3 of 3
CVE-2021-21443 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | ≥ 6.0.1, < 6.0.x* | 2021-07-26
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
nvd
CVE-2021-36091 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | ≥ 6.0.1, < 6.0.x* | 2021-07-26
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
nvd
CVE-2022-39049 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 6.0.1, < 6.0.x* | 2022-09-05
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
nvd
CVE-2024-43446 | P4 | LOW | CVSS 3.5 | CWE-269 | ≥ 6.0.x, ≤ 6.0.34 | 2025-01-27
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition are also very likely to be affected.
nvd
CVE-2025-24388 | P4 | LOW | CVSS 3.8 | CWE-184 | v6.0.x | 2025-06-16
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allows parameter injection due to for an authenticated agent or admin user.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very l
nvd