VYPR
Unrated severityNVD Advisory· Published Oct 18, 2021· Updated Sep 16, 2024

Agents are able to lock the ticket without the "Owner" permission

CVE-2021-36097

Description

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OTRS/Otrsllm-fuzzy2 versions
    <=8.0.16+ 1 more
    • (no CPE)range: <=8.0.16
    • (no CPE)range: 8.0.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.