Release Notes

Security Advisory 2017-05: Security Update for OTRS Business Solution™

OTRS Group, the world’s leading provider of the OTRS service management suite, including the fully managed OTRS solution and the ITIL® V3-compliant IT service management software OTRS::ITSM.


October 17, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability.

Please send information regarding vulnerabilities in OTRS to:


Security Advisory Details


  • ID: OSA-2017-05
  • Date: 2017-10-17
  • Title: Vulnerability in OTRS Business Solution™ allows access to any active public chats
  • Severity: 4.7 Medium
  • Product: OTRS Business Solution™ 5.0.x, OTRS Business Solution™ 4.0.x
  • Fixed in: OTRS Business Solution™ 5.0.21, OTRS Business Solution™ 4.0.8
  • References:


Vulnerability Description


This advisory covers vulnerabilities discovered in the OTRS Business Solution™.


Privilege Escalation


An attacker could manipulate the URL to access any active public chat, even if they are not a participant in it.


Affected by this vulnerability are all releases of OTRS Business Solution™ 5.0.x up to and including 5.0.20 and OTRS Business Solution™ 4.0.x up to and including 4.0.7.

This vulnerability is fixed in the latest versions of OTRS Business Solution™, and it is recommended to upgrade via the OTRS Business Solution™ management module in the admin area of OTRS.
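As an added example (not part of the OTRS advisory and not OTRS code), the following Python script triages an inventory of installed OTRS Business Solution™ versions against the affected and fixed versions stated above. The "host version" inventory format, the hostnames and the function names are assumptions made for illustration; the version of each system has to be collected separately.

```python
import re

# From the advisory: affected branch -> first fixed patch level.
FIXED_IN = {(5, 0): 21, (4, 0): 8}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-covered' or 'unparseable' for OSA-2017-05."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"  # never guess; flag the system for manual review
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return "not-covered"  # branch is not listed in this advisory
    # Compare patch levels as integers: as strings, "9" would sort after "21".
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory: str) -> dict:
    """Map each host in a 'host version' inventory (assumed format) to its status."""
    result = {}
    for line in inventory.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        host, version = parts[0], parts[1] if len(parts) > 1 else ""
        result[host] = classify(version)
    return result


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = """\
helpdesk-a 5.0.20
helpdesk-b 5.0.21
helpdesk-c 4.0.7
helpdesk-d 4.0.8
helpdesk-e 5.0.9    # older than 5.0.21 despite the single digit
helpdesk-f 6.0.1
helpdesk-g 5.0.x
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Systems reported as `not-covered` or `unparseable` are outside what this advisory states and need a manual check rather than being treated as safe.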



  • pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20]
  • uid OTRS Security Team <>
  • GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B