Release Notes

Security Advisory 2020-03

OTRS Group, the world’s leading provider of the OTRS service management suite, including the fully managed OTRS solution and the ITIL® V3-compliant IT service management software OTRS::ITSM.

November 15, 2019 — Please read carefully and check if the version of your
((OTRS)) Community Edition system is affected by this vulnerability.
Please send information regarding vulnerabilities in OTRS to: security@otrs.org

PGP Key

    • pub 2048R/9C227C6B 2011-03-21 [expires at: 2020-11-16]
    • uid OTRS Security Team <security@otrs.org>
    • GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B

Security Advisory Details

    • ID: OSA-2019-14
    • Date: 2019-11-15
    • Title: Information Disclosure
    • Severity: Low
    • Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
    • Fixed in: OTRS 7.0.13, OTRS 6.0.24,, OTRS 5.0.39
    • FULL CVSS v3 VECTOR: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
    • References: CVE-2019-18179

Vulnerability Description

This advisory covers vulnerabilities discovered in the OTRS framework.

Privilege Escalation

 

Detailed information about the changes:

 

OTRS 6.0

 

OTRS 5.0

However, to avoid unwanted side effects, we recommend a complete update.

Release Name:

Security Advisory 2020-03

Security Advisory:

ID: OSA-2020-03
Date: 2020-01-10
Title: Possible to send drafted messages as wrong agent
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 7.0.14, OTRS 6.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
References: CVE-2020-1767

Archive

zurück zur Übersicht
Wir bei Social Media
Twitter Linkedin-in Youtube Facebook-f
((OTRS)) Community Edition
OTRS
Unternehmen

© copyright 2020, OTRS AG

Twitter Facebook Youtube Instagram Linkedin