» 2021 » 7월

CVE-2021-36092

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-36092

It’s possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

Source: CVE-2021-36092

CVE-2021-21443

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-21443

Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.

Source: CVE-2021-21443

CVE-2021-21442

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-21442

In the project create screen it’s possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.

Source: CVE-2021-21442

CVE-2021-21440

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

Source: CVE-2021-21440

CVE-2021-37447

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-37447

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.

Source: CVE-2021-37447

CVE-2021-37449

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-37449

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

Source: CVE-2021-37449

CVE-2021-37443

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-37443

NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

Source: CVE-2021-37443

CVE-2021-37448

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-37448

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

Source: CVE-2021-37448

CVE-2021-37445

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-37445

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.

Source: CVE-2021-37445

CVE-2021-37444

Posted on 2021년 7월 26일2021년 7월 26일 by admin

CVE-2021-37444

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element’s pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.

Source: CVE-2021-37444