CVE-2021-21439
MEDIUMOTRS 6.0.1-6.0.29 and 7.0.0-7.0.26 - Denial of Service via Malicious Email URL
Title source: llmDescription
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
References (2)
Core 2
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
Vendor Advisory
https://otrs.com/release-notes/otrs-security-advisory-2021-09/
Scores
CVSS v3
6.5
EPSS
0.0098
EPSS Percentile
57.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-755
CWE-754
Status
published
Products (2)
otrs/otrs
6.0.1 - 6.0.30
otrs/otrs
7.0.0 - 7.0.27
Published
Jun 14, 2021
Tracked Since
Feb 18, 2026