Dear reader,
The following security fixes were made:
OTRS Security Advisory 2024-06
ID: OSA-2024-06
Date: 2024-07-15
Title: Agents are able to lock the ticket without the “Owner” permission
Severity CVSS v3.1: 5.2 MEDIUM
Severity CVSS v4.0: 5.6 MEDIUM
Urgency: Reduced
Product: OTRS
Fixed in: OTRS 2024.5.2
CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/U:Green
References: CVE-2024-23794
OTRS Security Advisory 2024-07
ID: OSA-2024-07
Date: 2024-07-15
Title: Information disclosure in external interface
Severity CVSS v3.1: 5.7 MEDIUM
Severity CVSS v4.0: 1.9 LOW
Urgency: Moderate
Product: OTRS
Fixed in: OTRS 2024.5.2
CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
References: CVE-2024-6540
OTRS Security Advisory 2024-08
ID: OSA-2024-08
Date: 2024-07-15
Title: OpenSSH: Remote Code Execution
Severity CVSS v3.1: 8.1 HIGH
Urgency: High
Product: OTRS SaaS platform
Fixed in: SaaS stack 2024-07
CVSS VECTOR: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References: CVE-2024-6387
OTRS Security Advisory 2024-09
ID: OSA-2024-09
Date: 2024-07-15
Title: IKEv1 default AH/ESP responder can crash and restart
Severity CVSS v3.1: 6.5 MEDIUM
Urgency: Moderate
Product: OTRS SaaS platform
Fixed in: SaaS stack 2024-07
CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References: CVE-2024-3652
To read the full security advisories, please follow this link:
https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-security-advisories/security-advisories/
Kind regards,
Your OTRS release team