CVE-2021-36100: OS Command Injection
First published: Mon Mar 21 2022(Updated: )
Specially crafted string in OTRS system configuration can allow the execution of any system command.
Credit: security@otrs.com security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | <7.0.28 | |
| Otrs Otrs | >=7.0.30<7.0.33 | |
| Otrs Otrs | >=8.0.0<8.0.21 | |
| Otrs Otrs Itsm | <7.0.19 | |
| Otrs Otrs Itsm | >=8.0.0<8.0.28 | |
| Otrs Otrs Storm | <8.0.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36100?
CVE-2021-36100 is a vulnerability in the OTRS system configuration that allows the execution of any system command.
How does CVE-2021-36100 affect OTRS?
CVE-2021-36100 affects OTRS versions 7.0.28 to 7.0.33 and versions 8.0.0 to 8.0.21, as well as OTRS ITSM versions 7.0.19 to 8.0.28 and OTRS Storm version 8.0.12.
What is the severity of CVE-2021-36100?
CVE-2021-36100 has a severity rating of 8.8 (critical).
How can I fix CVE-2021-36100?
To fix CVE-2021-36100, OTRS users should update to the latest patched version of the software.
Where can I find more information about CVE-2021-36100?
More information about CVE-2021-36100 can be found in the Debian LTS announce and the OTRS security advisory.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/7.0.30
- version/otrs otrs/8.0.0
- canonical/otrs otrs itsm
- version/otrs otrs itsm/8.0.0
- canonical/otrs otrs storm