PT-2021-14509 · Unknown · Otrs Ag Otrscisincustomerfrontend+1
Jaroslav Balaz · Published 2021-03-22 · Updated 2022-10-24 · CVE-2021-21437
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OTRSCIsInCustomerFrontend versions 7.0.15 and prior
ITSMConfigurationManagement versions 7.0.24 and prior
Description
The issue allows agents to see linked Config Items without the necessary permissions, which are defined in the General Catalog.
Recommendations
For OTRSCIsInCustomerFrontend versions 7.0.15 and prior, update to a version later than 7.0.15 to resolve the issue.
For ITSMConfigurationManagement versions 7.0.24 and prior, update to a version later than 7.0.24 to resolve the issue.
Fix
Missing Authorization
Affected Products
ITSMConfigurationManagement
OTRS AG OTRSCIsInCustomerFrontend