Description
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
Scores
CVSS v3
6.8
EPSS
0.0046
EPSS Percentile
64.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-913
Status
published
Products (2)
otrs/otrs
6.0.0 - 6.0.32
otrs/otrs
7.0.0 - 7.0.37
Published
Sep 05, 2022
Tracked Since
Feb 18, 2026