4 vulnerabilities found for OTRSCIsInCustomerFrontend by OTRS AG
CVE-2021-21437 (GCVE-0-2021-21437)
Vulnerability from nvd – Published: 2021-03-22 08:50 – Updated: 2024-09-16 20:53
Title
Config Items are shown to users without permission
Summary
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions
Severity
3.5 (LOW) – CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
OTRS
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2021-07/ | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRSCIsInCustomerFrontend | Affected: 7.0.x, ≤ 7.0.15 (custom) | |
| OTRS AG | ITSMConfigurationManagement | Affected: 7.0.x, ≤ 7.0.24 (custom) | |
Date Public
2021-03-22 00:00
Credits
Jaroslav Balaz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRSCIsInCustomerFrontend",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
},
{
"product": "ITSMConfigurationManagement",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.24",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jaroslav Balaz"
}
],
"datePublic": "2021-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T08:50:16.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFrontend 7.0.16."
}
],
"source": {
"advisory": "OSA-2021-07",
"defect": [
"2021012842001309"
],
"discovery": "INTERNAL"
},
"title": "Config Items are shown to users without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-03-22T00:00:00.000Z",
"ID": "CVE-2021-21437",
"STATE": "PUBLIC",
"TITLE": "Config Items are shown to users without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRSCIsInCustomerFrontend",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.15"
}
]
}
},
{
"product_name": "ITSMConfigurationManagement",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.24"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jaroslav Balaz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/",
"refsource": "MISC",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFrontend 7.0.16."
}
],
"source": {
"advisory": "OSA-2021-07",
"defect": [
"2021012842001309"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21437",
"datePublished": "2021-03-22T08:50:17.071Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:53:12.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21436 (GCVE-0-2021-21436)
Vulnerability from nvd – Published: 2021-02-08 10:55 – Updated: 2024-09-17 04:00
Title
Agent is able to link customer's Config Items without permission
Summary
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.
Severity
3.5 (LOW) – CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
OTRS
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2021-04/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRSCIsInCustomerFrontend | Affected: 7.0.x, ≤ 7.0.14 (custom) | |
Date Public
2021-02-08 00:00
Credits
Bernhard Lehr
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRSCIsInCustomerFrontend",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bernhard Lehr"
}
],
"datePublic": "2021-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T10:55:20.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
},
"title": "Agent is able to link customer\u0027s Config Items without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-02-08T00:00:00.000Z",
"ID": "CVE-2021-21436",
"STATE": "PUBLIC",
"TITLE": "Agent is able to link customer\u0027s Config Items without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRSCIsInCustomerFrontend",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.14"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bernhard Lehr"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21436",
"datePublished": "2021-02-08T10:55:20.229Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:00:11.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21437 (GCVE-0-2021-21437)
Vulnerability from cvelistv5 – Published: 2021-03-22 08:50 – Updated: 2024-09-16 20:53
Title
Config Items are shown to users without permission
Summary
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions
Severity
3.5 (LOW) – CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
OTRS
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2021-07/ | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRSCIsInCustomerFrontend | Affected: 7.0.x, ≤ 7.0.15 (custom) | |
| OTRS AG | ITSMConfigurationManagement | Affected: 7.0.x, ≤ 7.0.24 (custom) | |
Date Public
2021-03-22 00:00
Credits
Jaroslav Balaz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRSCIsInCustomerFrontend",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
},
{
"product": "ITSMConfigurationManagement",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.24",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jaroslav Balaz"
}
],
"datePublic": "2021-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T08:50:16.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFrontend 7.0.16."
}
],
"source": {
"advisory": "OSA-2021-07",
"defect": [
"2021012842001309"
],
"discovery": "INTERNAL"
},
"title": "Config Items are shown to users without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-03-22T00:00:00.000Z",
"ID": "CVE-2021-21437",
"STATE": "PUBLIC",
"TITLE": "Config Items are shown to users without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRSCIsInCustomerFrontend",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.15"
}
]
}
},
{
"product_name": "ITSMConfigurationManagement",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.24"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jaroslav Balaz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/",
"refsource": "MISC",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-07/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFrontend 7.0.16."
}
],
"source": {
"advisory": "OSA-2021-07",
"defect": [
"2021012842001309"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21437",
"datePublished": "2021-03-22T08:50:17.071Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:53:12.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21436 (GCVE-0-2021-21436)
Vulnerability from cvelistv5 – Published: 2021-02-08 10:55 – Updated: 2024-09-17 04:00
Title
Agent is able to link customer's Config Items without permission
Summary
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.
Severity
3.5 (LOW) – CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
OTRS
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2021-04/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRSCIsInCustomerFrontend | Affected: 7.0.x, ≤ 7.0.14 (custom) | |
Date Public
2021-02-08 00:00
Credits
Bernhard Lehr
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRSCIsInCustomerFrontend",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bernhard Lehr"
}
],
"datePublic": "2021-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T10:55:20.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
},
"title": "Agent is able to link customer\u0027s Config Items without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-02-08T00:00:00.000Z",
"ID": "CVE-2021-21436",
"STATE": "PUBLIC",
"TITLE": "Agent is able to link customer\u0027s Config Items without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRSCIsInCustomerFrontend",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.14"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bernhard Lehr"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21436",
"datePublished": "2021-02-08T10:55:20.229Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:00:11.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}