CVE-2021-21436

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.

Ссылки

https://otrs.com/release-notes/otrs-security-advisory-2021-04/
Vendor Advisory
https://otrs.com/release-notes/otrs-security-advisory-2021-04/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:otrs:cis_in_customer_frontend:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.0.14 (включая)

EPSS

Процентиль: 30%

0.00112

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264

CWE-276

Связанные уязвимости

CVE-2021-21436

CVSS3: 3.5

ubuntu

почти 5 лет назад

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.

GHSA-5gvf-qj79-739q

github

больше 3 лет назад

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.

EPSS

Процентиль: 30%

0.00112

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264

CWE-276