VulnerableCode Package Details - pkg:deb/debian/otrs2@0?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1cad-s6nn-j7aw	embedded prototype.js JavaScript hijacking	CVE-2007-2383
VCID-2fxb-3haf-gket	When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.	CVE-2020-1778
VCID-4ab3-red7-x3aa	An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.	CVE-2019-13457
VCID-8cwz-ccuj-tbb9	Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.	CVE-2021-21435
VCID-9ga6-vsc2-jkdw	BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.	CVE-2020-1775
VCID-sv2w-mb1n-1bfk	Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.	CVE-2020-1777
VCID-x8rr-csqf-3fa6	The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.	CVE-2020-1768
VCID-yc4t-z4jx-vkc9	An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.	CVE-2019-10065
VCID-yqad-95kf-1bcm	An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.	CVE-2019-9753
VCID-zbpw-qryg-kyh3	The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.	CVE-2011-2385

Vulnerability

Summary

Aliases

VCID-1cad-s6nn-j7aw

embedded prototype.js JavaScript hijacking

CVE-2007-2383

VCID-2fxb-3haf-gket

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.

CVE-2020-1778

VCID-4ab3-red7-x3aa

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.

CVE-2019-13457

VCID-8cwz-ccuj-tbb9

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.

CVE-2021-21435

VCID-9ga6-vsc2-jkdw

BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.

CVE-2020-1775

VCID-sv2w-mb1n-1bfk

Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.

CVE-2020-1777

VCID-x8rr-csqf-3fa6

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.

CVE-2020-1768

VCID-yc4t-z4jx-vkc9

An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.

CVE-2019-10065

VCID-yqad-95kf-1bcm

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.

CVE-2019-9753

VCID-zbpw-qryg-kyh3

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

CVE-2011-2385

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:08:11.611105+00:00	Debian Importer	Fixing	VCID-yqad-95kf-1bcm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:55:30.419863+00:00	Debian Importer	Fixing	VCID-yc4t-z4jx-vkc9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:36:20.532734+00:00	Debian Importer	Fixing	VCID-x8rr-csqf-3fa6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:45:57.596572+00:00	Debian Importer	Fixing	VCID-4ab3-red7-x3aa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:39:17.310647+00:00	Debian Importer	Fixing	VCID-zbpw-qryg-kyh3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:32:24.513617+00:00	Debian Importer	Fixing	VCID-8cwz-ccuj-tbb9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:12:01.623116+00:00	Debian Importer	Fixing	VCID-sv2w-mb1n-1bfk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:49:50.953033+00:00	Debian Importer	Fixing	VCID-9ga6-vsc2-jkdw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:25:53.944575+00:00	Debian Importer	Fixing	VCID-1cad-s6nn-j7aw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:29.618736+00:00	Debian Importer	Fixing	VCID-2fxb-3haf-gket	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:02:05.342982+00:00	Debian Importer	Fixing	VCID-yqad-95kf-1bcm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:52:30.873101+00:00	Debian Importer	Fixing	VCID-yc4t-z4jx-vkc9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:38:07.792015+00:00	Debian Importer	Fixing	VCID-x8rr-csqf-3fa6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:01:23.773905+00:00	Debian Importer	Fixing	VCID-4ab3-red7-x3aa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:12:15.707604+00:00	Debian Importer	Fixing	VCID-zbpw-qryg-kyh3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:06:56.714899+00:00	Debian Importer	Fixing	VCID-8cwz-ccuj-tbb9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:21.748236+00:00	Debian Importer	Fixing	VCID-sv2w-mb1n-1bfk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:34:11.567515+00:00	Debian Importer	Fixing	VCID-9ga6-vsc2-jkdw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:40.238589+00:00	Debian Importer	Fixing	VCID-1cad-s6nn-j7aw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:55:06.438298+00:00	Debian Importer	Fixing	VCID-2fxb-3haf-gket	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:16.072622+00:00	Debian Importer	Fixing	VCID-8cwz-ccuj-tbb9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:16.026519+00:00	Debian Importer	Fixing	VCID-2fxb-3haf-gket	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:16.005983+00:00	Debian Importer	Fixing	VCID-sv2w-mb1n-1bfk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.963987+00:00	Debian Importer	Fixing	VCID-9ga6-vsc2-jkdw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.812745+00:00	Debian Importer	Fixing	VCID-x8rr-csqf-3fa6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.666404+00:00	Debian Importer	Fixing	VCID-yqad-95kf-1bcm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.511317+00:00	Debian Importer	Fixing	VCID-4ab3-red7-x3aa	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.362353+00:00	Debian Importer	Fixing	VCID-yc4t-z4jx-vkc9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.612309+00:00	Debian Importer	Fixing	VCID-zbpw-qryg-kyh3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:13.897309+00:00	Debian Importer	Fixing	VCID-1cad-s6nn-j7aw	https://security-tracker.debian.org/tracker/data/json	38.1.0