Exposure of OTRS
Issue trackers
18 exposure score
40 sites use
0 exploited
1 critical
CVEs
76 results
CVE | Severity | Title | EPSS
CVE-2024-23794 | MEDIUM | Agents are able to lock the ticket without the "Owner" permission | 0.3%
CVE-2024-23790 | LOW | Missing file type check in avatar picture upload | 0.3%
CVE-2026-48210 | MEDIUM | Possible information disclosure via External Interface | 0.2%
CVE-2025-24388 | LOW | Unsafe handling of AJAX calls | 0.2%
CVE-2025-24391 | MEDIUM | Possible user enumeration | 0.2%
CVE-2024-43445 | MEDIUM | Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing | 0.2%
CVE-2026-48209 | HIGH | Reflected XSS in authenticated agent context | 0.2%
CVE-2024-43446 | LOW | Improper check of permissions in Generic Interface | 0.2%
CVE-2026-48187 | MEDIUM | Email with special content can lead to DoS | 0.2%
CVE-2026-48189 | MEDIUM | Bypass DedicatedAgentToCustomerGroups Setting | 0.2%
CVE-2025-24390 | MEDIUM | Missing Cookie Flags | 0.2%
CVE-2026-6060 | MEDIUM | Possible DoS via SQL Box | 0.2%
CVE-2026-48191 | LOW | Wrong Permission Handling in Document Search Article Meta Filters | 0.1%
CVE-2026-48190 | LOW | Incorrect handling of permissions in External Interface Config Item List module | 0.1%
CVE-2025-24387 | MEDIUM | Missing CSRF protection | 0.1%
CVE-2025-24389 | MEDIUM | SMTP Password will be shown in cleartext on some SMTP errors | 0.1%