CVE-2021-21439

Published: Jun 14, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

Affected (3)

Products: Otrs: Otrs

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Otrs Otrs	From 7.0.0 to 7.0.27
Otrs Otrs	From 8.0.0 to 8.0.14
Otrs Otrs	From 6.0.1 to 6.0.30

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (4)

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

Source: security@otrs.com

https://otrs.com/release-notes/otrs-security-advisory-2021-09/

Source: security@otrs.com

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://otrs.com/release-notes/otrs-security-advisory-2021-09/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.