Security Advisory 2013-01 – Information disclosure and Data manipulation

April 2013

  April 2, 2013 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2014-03-20] uid OTRS Security Team <security@otrs.org> Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B   Security Advisory Details

Read More

Security Advisory 2012-03 – XSS vulnerability

October 2012

  October 16, 2012 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org GPG Fingerprint 8280 7B65 3F78 39B8 AEF1 EED7 3D15 21D7 7846 E997   Security Advisory Details ID: OSA-2012-03 Date: 2012-10-16 Title: XSS vulnerability Severity: Low (Overall CVSS Score: 3.9)

Read More

Security Advisory 2012-02 – XSS vulnerability

August 2012

  August 30, 2012 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details ID: OSA-2012-02 Date: 2012-08-30 Title: XSS vulnerability Severity: Less critical Product: OTRS 2.4.x, 3.0.x, 3.1.x Fixed in: OTRS 2.4.14, 3.0.16, 3.1.10 URL: http://otrs.org/advisory/OSA-2012-02-en/ CVE: CVE-2012-4600

Read More

Security Advisory 2012-01 – XSS vulnerability in Internet Explorer

August 2012

  August 21, 2012 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details ID: OSA-2012-01 Date: 2012-08-21 Title: XSS vulnerability in Internet Explorer Severity: Less critical Product: OTRS 2.4.x, 3.0.x, 3.1.x, OTRS ITSM 3.1.x, 3.0.x, 2.1.x Fixed in:

Read More

Security Advisory 2011-03 – Vulnerabilities in OTRS-Core allows read access to any file on local file system

August 2011

  August 16, 2011 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details ID: OSA-2011-03 Date: 2011-08-16 Title: Vulnerabilities in OTRS-Core allows read access to any file on local file system Severity: Moderate Product: OTRS 2.1.x, 2.2.x, 2.3.x,

Read More

Security Advisory 2011-02 – Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation

July 2011

  July 12, 2011 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details ID: OSA-2011-02 Date: 2011-07-12 Title: Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation Severity: Critical Product: iPhoneHandle 1.0.x (OTRS 3.0), iPhoneHandle

Read More

Security Advisory 2011-01 – Several XSS attacks possible

April 2011

    April 04, 2011 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details Date: Apr 04, 2011 Title: Several XSS attacks possible Severity: Less Critical Affected: – OTRS Help Desk 2.4.x, 3.0.x Fixed in: – OTRS Help

Read More

Security Advisory 2010-03 – AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails

October 2010

October 26, 2010 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.8. This vulnerability is fixed in OTRS 2.4.9 and it is recommended to upgrade

Read More

Security Advisory 2010-02 – Multiple XSS and denial of service vulnerabilities

September 2010

September 15, 2010 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution This vulnerability is fixed in OTRS Help Desk 2.4.8 as well as OTRS Help Desk 2.3.6 and it is recommended to upgrade to these higher versions. Fixed OTRS releases can be found at:

Read More

Security Advisory 2010-01 – Vulnerability in OTRS-Core allows SQL injection

February 2010

February 8, 2010 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution These vulnerabilities are fixed in OTRS 2.1.9, OTRS 2.2.9, OTRS 2.3.5 and OTRS 2.4.7, and it is recommended to upgrade to one of these versions. Fixed OTRS releases

Read More