Open Ticket Request System (OTRS) 7.0.49

CPE Details

Open Ticket Request System (OTRS) 7.0.49
otrs
otrs
7.0.49
2024-02-03
00h39 +00:00
2024-02-03
00h39 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:otrs:otrs:7.0.49:*:*:*:*:*:*:*

Informations

Vendor

otrs

Product

otrs

Version

7.0.49

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-24387 2025-03-10 09h28 +00:00 A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.   This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x
6.5
Moyen
CVE-2020-1778 2020-11-23 15h32 +00:00 When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
4.3
Moyen
CVE-2011-2385 2011-07-19 18h00 +00:00 The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
6.5