2 vulnerabilities found for cis_in_customer_frontend by otrs
CVE-2021-21436 (GCVE-0-2021-21436)
Vulnerability from nvd – Published: 2021-02-08 10:55 – Updated: 2024-09-17 04:00
Title
Agent is able to link customer's Config Items without permission
Summary
Agents are able to see and link Config Items without having the permissions that are defined in the General Catalog. This issue affects OTRS AG OTRSCIsInCustomerFrontend 7.0.x: version 7.0.14 and prior versions.
Severity
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2021-04/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRSCIsInCustomerFrontend | Affected: 7.0.x, ≤ 7.0.14 (custom) | |
Date Public
2021-02-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRSCIsInCustomerFrontend",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bernhard Lehr"
}
],
"datePublic": "2021-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T10:55:20.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
},
"title": "Agent is able to link customer\u0027s Config Items without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-02-08T00:00:00.000Z",
"ID": "CVE-2021-21436",
"STATE": "PUBLIC",
"TITLE": "Agent is able to link customer\u0027s Config Items without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRSCIsInCustomerFrontend",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.14"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bernhard Lehr"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21436",
"datePublished": "2021-02-08T10:55:20.229Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:00:11.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21436 (GCVE-0-2021-21436)
Vulnerability from cvelistv5 – Published: 2021-02-08 10:55 – Updated: 2024-09-17 04:00
Title
Agent is able to link customer's Config Items without permission
Summary
Agents are able to see and link Config Items without having the permissions that are defined in the General Catalog. This issue affects OTRS AG OTRSCIsInCustomerFrontend 7.0.x: version 7.0.14 and prior versions.
Severity
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2021-04/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRSCIsInCustomerFrontend | Affected: 7.0.x, ≤ 7.0.14 (custom) | |
Date Public
2021-02-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRSCIsInCustomerFrontend",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bernhard Lehr"
}
],
"datePublic": "2021-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T10:55:20.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
},
"title": "Agent is able to link customer\u0027s Config Items without permission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2021-02-08T00:00:00.000Z",
"ID": "CVE-2021-21436",
"STATE": "PUBLIC",
"TITLE": "Agent is able to link customer\u0027s Config Items without permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRSCIsInCustomerFrontend",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.0.x",
"version_value": "7.0.14"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bernhard Lehr"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2021-04/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRSCIsInCustomerFrontend 7.0.15."
}
],
"source": {
"advisory": "OSA-2021-04",
"defect": [
"2020100842000501"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2021-21436",
"datePublished": "2021-02-08T10:55:20.229Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:00:11.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}