Unrestricted Access to Config Items in OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions

Unrestricted Access to Config Items in OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions

CVE-2021-21436 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.

Learn more about our Web Application Penetration Testing UK.