VDB

CVE-2021-21443

CVE-2021-21443 PUBLISHED

Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.

EPSS 0.22% · 44.7th percentile

Risk Scores

EPSS Score
0.22%
44.7th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSotrs25.0.3-1, 0, 4.0.10-1
Ubuntu:20.04:LTSotrs26.0.23-2, 6.0.24-1, 6.0.25-1
Ubuntu:18.04:LTSotrs20, 5.0.23-1, 5.0.24-1
Ubuntu:22.04:LTSotrs26.0.32-6, 6.1.2-1, 6.2.2-2

Timeline

  • Jul 26, 2021 EPSS Score
  • Jul 26, 2021 CVE Published
  • Sep 23, 2021 EPSS Score
  • Nov 21, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 20, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 18, 2022 EPSS Score
  • Jul 17, 2022 EPSS Score
  • Sep 15, 2022 EPSS Score
  • Nov 13, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›