A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.
oryginał ENCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NOtrs
APPOtrs8.0.1 – 8.0.37
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Powiązane podatności
CVE-2026-48188CRITICAL9.1PL ✓ten sam produkt
OTRS / Community Edition: SQL injection z pominięciem uwierzytelnienia
CVE-2026-48209HIGH7.1ten sam produkt
An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling al...
CVE-2023-5422HIGH8.7ten sam produkt
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL o...
CVE-2023-38056HIGH7.2ten sam produkt
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTas...
CVE-2023-2534HIGH7.6ten sam produkt
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticat...