CVE-2021-21439

EUVD-2021-8713
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
OTRSCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
otrsotrs
6.0.1 ≤
𝑥
≤ 6.0.30
otrsotrs
7.0.0 ≤
𝑥
< 7.0.27
otrsotrs
8.0.0 ≤
𝑥
< 8.0.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
otrs2
bullseye/non-free
6.0.32-6
fixed
stretch
no-dsa
znuny
bookworm/non-free
6.5.1-1
fixed
sid/non-free
6.5.11-1
fixed
stretch
no-dsa
trixie/non-free
6.5.11-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
otrs2
bionic
needs-triage
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://otrs.com/release-notes/otrs-security-advisory-2021-09/
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://otrs.com/release-notes/otrs-security-advisory-2021-09/