CVE-2021-21439

MEDIUM

Otrs < 6.0.30 - Improper Exception Handling

Title source: rule

Description

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

References (2)

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

[Vendor Advisory] https://otrs.com/release-notes/otrs-security-advisory-2021-09/

Scores

CVSS v3 6.5

EPSS 0.0035

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755 CWE-754

Status published

Affected Products (2)

otrs/otrs < 6.0.30

otrs/otrs < 7.0.27

Timeline

Published Jun 14, 2021

Tracked Since Feb 18, 2026