CVE-2021-36100

Summary

Specially crafted string in OTRS system configuration can allow the execution of any system command.

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS8.0.x <= 8.0.19affected
OTRS AGOTRS7.0.x <= 7.0.32affected
OTRS AGSystemMonitoring7.0.x <= 7.0.18affected
OTRS AGSystemMonitoring8.0.x <= 8.0.8affected
OTRS AGSystemMonitoring6.0.1 < 6.0.x*affected
OTRS AGOTRSSTORM7.0.x <= 7.0.27affected
OTRS AGOTRSSTORM8.0.x <= 8.0.11affected
OTRS AGOTRSSTORM6.0.1 < 6.0.x*affected
OTRS AG((OTRS)) Community Edition6.0.1 < 6.0.x*affected

Weaknesses

  • rce

ADP Enrichment

CVE Program Container

Additional References

References