Security Advisories

Dear reader,

The following security fixes were made:

OTRS Security Advisory 2021-08

ID: OSA-2021-08
Date: 2021-03-22
Title: FAQ articles are shown to users without permission
Severity: 3.5 LOW
Product: OTRS 7.0.24, and FAQ 6.0.29
Fixed in: OTRS 7.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21438

OTRS Security Advisory 2021-07

ID: OSA-2021-07
Date: 2021-03-22
Title: Config Items are shown to users without permission
Severity: 3.5 LOW
Product: ITSMConfigurationManagement 7.0.24 and OTRSCIsInCustomerFrontend 7.0.15
Fixed in: ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFrontend 7.0.16
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21437

OTRS Security Advisory 2021-06

ID: OSA-2021-06
Date: 2021-03-22
Title: ReDoS vulnerability in third-party library (jquery-validate)
Severity: 5.3 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.12, OTRS 7.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References: CVE-2021-21252

To read the full security advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/

Kind regards,
Your OTRS release team