CVE-2021-21439

Name of the Vulnerable Software and Affected Versions OTRS AG (OTRS) Community Edition versions 6.0.1 and later OTRS AG OTRS versions 7.0.x through 7.0.26 OTRS AG OTRS versions 8.0.x through 8.0.13

Description The issue is related to deficiencies in handling exceptional states in the OTRS ticket system. It can be exploited by a remote attacker using a specially crafted URL in an email, leading to a denial of service (DoS) attack. This can cause high CPU usage, low quality of service, or even bring the system to a halt.

Recommendations For OTRS AG (OTRS) Community Edition versions 6.0.1 and later, update to a version that includes a fix for this issue. For OTRS AG OTRS versions 7.0.x through 7.0.26, update to a version later than 7.0.26. For OTRS AG OTRS versions 8.0.x through 8.0.13, update to a version later than 8.0.13. As a temporary workaround, consider restricting the handling of emails with specially crafted URLs to minimize the risk of exploitation.