CVE-2021-21435
MEDIUM
OTRS 6.0.0-6.0.29 7.0.0-7.0.22 - Unauthorized Exposure of Sensitive Information via Ticket PDF Print
Title source: llm
Description
Article Bcc fields and agent personal information are shown when a customer prints the ticket (PDF) via the external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://otrs.com/release-notes/otrs-security-advisory-2021-02/
Scores
CVSS v3
5.7
EPSS
0.0127
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
otrs/otrs
6.0.0 - 6.0.30
otrs/otrs
7.0.0 - 7.0.23
Published
Feb 08, 2021
Tracked Since
Feb 18, 2026