CVE-2021-21439 MEDIUM

CVE-2021-21439: Possible DoS attack using a special crafted URL in email body

Vendor Otrs Ag
Product ((OTRS)) Community Edition
Weakness CWE-754
Published June 14, 2021
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

Key dates

02Disclosure timeline

June 14, 2021 CVE published
September 16, 2024 Record updated