PT-2020-6430 · Otrs Ag · Otrs+1

Published 2020-12-29 · Updated 2023-08-31 · CVE-2021-21441

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

OTRS AG (OTRS) Community Edition versions 6.0.1 through 6.0.x
OTRS AG OTRS versions prior to 7.0.26

Description

The issue is caused by a lack of protection of the web page structure in the OTRS ticket request system: an attacker can collect various information by having a specially crafted email shown in the overview screen. No user interaction is required; it is enough to send the specially crafted email to the system. The attack can be performed remotely.

Recommendations

For OTRS AG (OTRS) Community Edition versions 6.0.1 through 6.0.x, update to a version that includes the fix for this issue. For OTRS AG OTRS versions prior to 7.0.26, update to version 7.0.26 or later. As a temporary workaround, consider restricting access to the ticket overview screens until a patch is available, and avoid displaying emails that may contain malicious content in the overview screen.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-04652
CVE-2021-21441
DLA-3551-1

Affected Products

Otrs
Otrs Community Edition