Open Ticket Request System (OTRS) 7.0.0 Information Disclosure Vulnerability


An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.


The information has been provided by Shawn Beasley
The original article can be found at:


Otrs is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application


Vulnerable Systems:

  • Otrs 7.0.0
  • Otrs 7.0.4

    CVE Information:

    Disclosure Timeline:
    Publish Date:06/03/2019

    Categories: News