{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T05:43:09.615","vulnerabilities":[{"cve":{"id":"CVE-2021-21439","sourceIdentifier":"security@otrs.com","published":"2021-06-14T08:15:10.097","lastModified":"2024-11-21T05:48:21.857","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions."},{"lang":"es","value":"El ataque de DoS puede ser llevado a cabo cuando un correo electrónico contiene una URL especialmente diseñada en el cuerpo. Puede conllevar a un alto uso de la CPU y causar una baja calidad de servicio, o en caso extremo llevar el sistema a una parada. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versión 6.0.x, 6.0.1 y versiones posteriores. OTRS AG OTRS versión 7.0.x, 7.0.26 y versiones anteriores; versión 8.0.x,  8.0.13 y versiones anteriores"}],"metrics":{"cvssMetricV31":[{"source":"security@otrs.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security@otrs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*","versionStartIncluding":"6.0.1","versionEndIncluding":"6.0.30","matchCriteriaId":"58EDB086-8414-4EBD-8C19-1402C800DFD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.27","matchCriteriaId":"4FDBB41C-E915-41DF-8E95-8BB17798F20A"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.14","matchCriteriaId":"042B7D35-918B-4716-A819-9AE29ECF50AD"}]}]}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html","source":"security@otrs.com"},{"url":"https://otrs.com/release-notes/otrs-security-advisory-2021-09/","source":"security@otrs.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://otrs.com/release-notes/otrs-security-advisory-2021-09/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}