CVE-2021-21436

Summary

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRSCIsInCustomerFrontend7.0.x <= 7.0.14affected

Weaknesses

  • CWE-264: CWE-264 Permissions, Privileges, and Access Controls

ADP Enrichment

CVE Program Container

Additional References

References