VDB
CVE-2021-21439
CVE-2021-21439
PUBLISHED
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
EPSS 0.35% · 57.5th percentile
Risk Scores
EPSS Score
0.35%
57.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | otrs2 | 6.2.2-2, 6.2.1-1, 6.1.2-1 |
| Ubuntu:18.04:LTS | otrs2 | 0, 6.0.2-1, 6.0.1-1 |
| Ubuntu:20.04:LTS | otrs2 | 6.0.25-3, 6.0.26-1, 0 |
| Ubuntu:16.04:LTS | otrs2 | 5.0.5-1, 0, 5.0.6-1 |
Timeline
- Jun 14, 2021 EPSS Score
- Jun 14, 2021 CVE Published
- Jun 14, 2021 PoC Published
- Aug 15, 2021 EPSS Score
- Oct 14, 2021 EPSS Score
- Dec 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 12, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 14, 2022 EPSS Score
- Jun 14, 2022 EPSS Score
- Aug 14, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-21439 third-party-advisory
- https://otrs.com/release-notes/otrs-security-advisory-2021-09/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21439 third-party-advisory