[IT-SecNots] [announce]New Security Updates for OTRS

[Melanie Krueger <melanie.krueger AT otrs.com>]

Security Advisories

Dear reader,

The following security fix/es was/were made:

OTRS Security Advisory 2023-08

ID: OSA-2023-08
Date: 2023-10-16
Title: External pictures can be loaded even if not allowed by configuration
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.47, OTRS 8.0.37
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References: CVE-2023-38059

OTRS Security Advisory 2023-09

ID: OSA-2023-09
Date: 2023-10-16
Title: Possible XSS execution in customer information
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.47, OTRS 8.0.37
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
References: CVE-2023-5421

OTRS Security Advisory 2023-10

ID: OSA-2023-10
Date: 2023-10-16
Title: SSL Certificates are not checked for E-Mail Handling
Severity: 8.7 HIGH
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.47, OTRS 8.0.37
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
References: CVE-2023-5422

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-security-advisories/release-notes/

Kind regards, 
Your OTRS release team 

Subscribe to the OTRS Newsletter.

Read about OTRS service management solutions, product features, and interesting tips from our experts every month. Simply select your desired language.

German

 

English

Spanish

 

Portuguese

    

Visit www.otrs.com or contact us. 

OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
_______________________________________________
announce mailing list -- announce AT lists.otrs.org
To unsubscribe send an email to announce-leave AT lists.otrs.org
To manage your subscription or browse the message archive visit:
  https://lists.otrs.org/postorius/lists/announce.lists.otrs.org/