CVE-2021-21437

Summary

Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRSCIsInCustomerFrontend7.0.x <= 7.0.15affected
OTRS AGITSMConfigurationManagement7.0.x <= 7.0.24affected

Weaknesses

  • CWE-264: CWE-264 Permissions, Privileges, and Access Controls

ADP Enrichment

CVE Program Container

Additional References

References