Security Advisories

Dear reader, The following security fix/es was/were made:

OTRS Security Advisory 2021-10 ID: OSA-2021-10 Date: 2021-07-26 Title: Support Bundle includes S/Mime and PGP keys Severity: 5.2 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x Fixed in: OTRS 8.0.15, OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N References: CVE-2021-21440

OTRS Security Advisory 2021-12 ID: OSA-2021-12 Date: 2021-07-26 Title: XSS vulnerability in Time Accounting Severity: 4.5. MEDIUM Product: TimeAccounting 7.0.x Fixed in: TimeAccounting 7.0.20 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N References: CVE-2021-21442

OTRS Security Advisory 2021-13 ID: OSA-2021-13 Date: 2021-07-26 Title: Unautorized listing of the customer user emails Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 6.0.x, Fixed in: OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N References: CVE-2021-21443

OTRS Security Advisory 2021-14 ID: OSA-2021-14 Date: 2021-07-26 Title: Unautorized access to the calendar appointments Severity: 3.5 LOW Product: OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N References: CVE-2021-36091

OTRS Security Advisory 2021-15 ID: OSA-2021-15 Date: 2021-07-26 Title: XSS attack using special link in email Severity: 6.5 MEDIUM Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x Fixed in: OTRS 8.0.15, OTRS 7.0.28 FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References: CVE-2021-36092

To read the entire Security Advisory/Advisories, please follow this link: https://otrs.com/overview-release-notes-security-advisories/security-advisories/

Subscribe to the OTRS Newsletter.

Read about OTRS service management solutions, product features, and interesting tips from our experts every month. Simply select your desired language.

OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0