Unrated severityNVD Advisory· Published Oct 18, 2021· Updated Sep 16, 2024
Agents are able to lock the ticket without the "Owner" permission
CVE-2021-36097
Description
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- otrs.com/release-notes/otrs-security-advisory-2021-20/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.