
Security Advisories

Dear reader,

The following security fixes were made:

OTRS Security Advisory 2021-05
ID: OSA-2021-05
Date: 2021-02-08
Title: Several Vulnerabilities in CKEditor
Severity: 5.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.11, OTRS 7.0.24
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
References: CVE-2018-17960, https://ckeditor.com/cke4/release-notes

OTRS Security Advisory 2021-04
ID: OSA-2021-04
Date: 2021-02-08
Title: Agent is able to link customer's Config Items without permission
Severity: 3.5 LOW
Product: OTRSCIsInCustomerFrontend 7.0.14
Fixed in: OTRSCIsInCustomerFrontend 7.0.15
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21436

OTRS Security Advisory 2021-03
ID: OSA-2021-03
Date: 2021-02-08
Title: Dynamic templates reveal sensitive data when OTRS tags are used
Severity: 4.3 MEDIUM
Product: OTRSTicketForms 6.0.40, OTRSTicketForms 7.0.29 and OTRSTicketForms 8.0.3
Fixed in: OTRSTicketForms 7.0.30 and OTRSTicketForms 8.0.4
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
References: CVE-2020-1779

OTRS Security Advisory 2021-02
ID: OSA-2021-02
Date: 2021-02-08
Title: Information exposure in PDF export
Severity: 5.7 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.11, OTRS 7.0.24
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
References: CVE-2021-21435

OTRS Security Advisory 2021-01
ID: OSA-2021-01
Date: 2021-02-08
Title: XSS
Severity: 3.5 LOW
Product: Survey 7.0.x, Survey 6.0.x
Fixed in: Survey 7.0.20
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
References: CVE-2021-21434

To read the entire Security Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisor...

Kind regards,
Your OTRS release team