VulnerableCode Package Details - pkg:deb/debian/otrs2@2.4.5-1?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9vrg-8wae-93ec	The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.	CVE-2009-5057
VCID-f2cv-jtcy-gugt	Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.	CVE-2010-4767
VCID-gjjf-d58f-m7gu	Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.	CVE-2009-5056
VCID-j27v-9g2t-5qab	Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.	CVE-2009-5055
VCID-me18-9d3t-a7gr	Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.	CVE-2010-4768
VCID-ybrp-zh2m-wuh1	webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."	CVE-2011-0456

Vulnerability

Summary

Aliases

VCID-9vrg-8wae-93ec

The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

CVE-2009-5057

VCID-f2cv-jtcy-gugt

Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.

CVE-2010-4767

VCID-gjjf-d58f-m7gu

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

CVE-2009-5056

VCID-j27v-9g2t-5qab

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

CVE-2009-5055

VCID-me18-9d3t-a7gr

Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.

CVE-2010-4768

VCID-ybrp-zh2m-wuh1

webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."

CVE-2011-0456

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:44:09.427524+00:00	Debian Importer	Fixing	VCID-f2cv-jtcy-gugt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:56:44.443845+00:00	Debian Importer	Fixing	VCID-me18-9d3t-a7gr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:51:41.899522+00:00	Debian Importer	Fixing	VCID-9vrg-8wae-93ec	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:17:37.989658+00:00	Debian Importer	Fixing	VCID-ybrp-zh2m-wuh1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:37:03.156030+00:00	Debian Importer	Fixing	VCID-j27v-9g2t-5qab	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:45:17.074408+00:00	Debian Importer	Fixing	VCID-gjjf-d58f-m7gu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:43:58.182300+00:00	Debian Importer	Fixing	VCID-f2cv-jtcy-gugt	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:09:15.437915+00:00	Debian Importer	Fixing	VCID-me18-9d3t-a7gr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:21:20.971558+00:00	Debian Importer	Fixing	VCID-9vrg-8wae-93ec	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:55:36.803084+00:00	Debian Importer	Fixing	VCID-ybrp-zh2m-wuh1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:08.862978+00:00	Debian Importer	Fixing	VCID-j27v-9g2t-5qab	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:52:55.789229+00:00	Debian Importer	Fixing	VCID-gjjf-d58f-m7gu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:14.549766+00:00	Debian Importer	Fixing	VCID-ybrp-zh2m-wuh1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.529308+00:00	Debian Importer	Fixing	VCID-me18-9d3t-a7gr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.508721+00:00	Debian Importer	Fixing	VCID-f2cv-jtcy-gugt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.217373+00:00	Debian Importer	Fixing	VCID-9vrg-8wae-93ec	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.197005+00:00	Debian Importer	Fixing	VCID-gjjf-d58f-m7gu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.176522+00:00	Debian Importer	Fixing	VCID-j27v-9g2t-5qab	https://security-tracker.debian.org/tracker/data/json	38.1.0