Security Advisories

Dear reader,

The following security fix/es was/were made:

OTRS Security Advisory 2022-03

ID: OSA-2022-03
Date: 2022-03-21
Title: Authenticated remote code execution
Severity: 6.4 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRSSTORM 8.0.x, OTRSSTORM 7.0.x, SystemMonitoring 8.0.x, SystemMonitoring 7.0.x
Fixed in: OTRS 8.0.20, OTRS 7.0.33, OTRSSTORM 8.0.12, OTRSSTORM 7.0.28, SystemMonitoring 8.0.9, SystemMonitoring 7.0.19
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References: CVE-2021-36100

OTRS Security Advisory 2022-05

ID: OSA-2022-05
Date: 2022-03-21
Title: Possible XSS attack via translation
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.33, OTRS 8.0.20
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
References: CVE-2022-0475

OTRS Security Advisory 2022-06

ID: OSA-2022-06
Date: 2022-03-21
Title: Information disclosure in the External Interface
Severity: 4.3 MEDIUM
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.33, OTRS 8.0.20
FULL CVSS v3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References: CVE-2022-1004

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/

Kind regards,
Your OTRS release team

Subscribe to the OTRS Newsletter.

Read about OTRS service management solutions, product features, and interesting tips from our experts every month. Simply select your desired language.

Visit www.otrs.com or contact us.