Otrs Ag · Otrs Ag Otrscisincustomerfrontend · CVE-2021-21436
**Name of the Vulnerable Software and Affected Versions**
OTRS AG OTRSCIsInCustomerFrontend versions 7.0.14 and prior versions.
**Description**
The issue allows agents to see and link Config Items without the necessary permissions, which are defined in the General Catalog.
**Recommendations**
For OTRS AG OTRSCIsInCustomerFrontend versions 7.0.14 and prior versions, update to a version that includes the necessary permission checks to restrict access to Config Items.
As a temporary workaround, consider restricting access to the General Catalog to minimize the risk of exploitation.