CVE-2021-36091: Unautorized access to the calendar appointments
First published: Mon Jul 26 2021(Updated: )
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
Credit: security@otrs.com security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=6.0.0<6.0.32 | |
| Otrs Otrs | >=7.0.0<7.0.28 |
Remedy
Update to OTRS 7.0.28.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36091?
CVE-2021-36091 is a vulnerability that allows agents to list appointments in calendars without the required permissions in OTRS AG ((OTRS)) Community Edition version 6.0.1 and later, and OTRS AG OTRS version 7.0.27 and earlier.
How does CVE-2021-36091 affect OTRS AG ((OTRS)) Community Edition?
CVE-2021-36091 affects OTRS AG ((OTRS)) Community Edition version 6.0.1 and later.
How does CVE-2021-36091 affect OTRS AG OTRS?
CVE-2021-36091 affects OTRS AG OTRS version 7.0.27 and earlier.
What is the severity of CVE-2021-36091?
The severity of CVE-2021-36091 is medium with a severity value of 4.3.
What is the fix for CVE-2021-36091?
To fix CVE-2021-36091, users should update OTRS AG ((OTRS)) Community Edition to version 6.0.32 or later, and OTRS AG OTRS to version 7.0.28 or later.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/title
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/6.0.0
- version/otrs otrs/7.0.0