7 matches found
Debian DLA-2079-1 : otrs2 security update
Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing. CVE-2020-1765 An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward,...
Debian: Security Advisory (DLA-2079-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2079-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u13 CVE ID : CVE-2020-1765 CVE-2020-1766 CVE-2020-1767 Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing. CVE-2020-1765 An improper control of parameters allows the...
OTRS 6.0.x < 6.0.25, 7.0.x < 7.0.14 Message Vulnerability
OTRS is prone to a vulnerability where it is possible to send drafted messages as wrong agent. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2020-1767
Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...
CVE-2020-1767
CVE-2020-1767 affects OTRS Community Edition 6.0.x (up to 6.0.24) and OTRS 7.0.x (up to 7.0.13). Description: Agent A can save a draft; Agent B can open it, modify the text, and send it as Agent A, so customers see a message sent by the original agent. Debian/Nessus advisories indicate patches: u...
CVE-2020-1767 Possible to send drafted messages as wrong agent
Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...