CVE-2021-36091 — Vulnetix

CVE-2021-36091 PUBLISHED CVSS 3.5 LOW

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.

EPSS 0.13% · 32.4th percentile

Risk Scores

CVSS v3.1

3.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

EPSS Score

0.13%

32.4th percentile

Affected Products

Vendor	Product	Versions
otrs	otrs	6.0.0, 7.0.0
OTRS AG	OTRS	7.0.x
OTRS AG	((OTRS)) Community Edition	6.0.1

Timeline

Jul 26, 2021 EPSS Score
Jul 26, 2021 CVE Published
Sep 23, 2021 EPSS Score
Nov 21, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 20, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 18, 2022 EPSS Score
Jul 17, 2022 EPSS Score
Sep 14, 2022 EPSS Score
Nov 12, 2022 EPSS Score

References

https://otrs.com/release-notes/otrs-security-advisory-2021-14/ url
[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2021-36091 advisory
https://otrs.com/release-notes/otrs-security-advisory-2021-14 url

Open in Interactive Console →