CVE Vulnerabilities

CVE-2021-21439

Improper Handling of Exceptional Conditions

Published: Jun 14, 2021 | Modified: Aug 31, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
LOW

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Otrs Otrs 6.0.1 (including) 6.0.30 (including)
Otrs Otrs 7.0.0 (including) 7.0.27 (excluding)
Otrs Otrs 8.0.0 (including) 8.0.14 (excluding)
Otrs2 Ubuntu bionic *
Otrs2 Ubuntu groovy *
Otrs2 Ubuntu hirsute *
Otrs2 Ubuntu impish *
Otrs2 Ubuntu trusty *
Otrs2 Ubuntu xenial *

References