ad-password arrow-down-ring arrow-left arrow-right auto-select cog customer-id excel-statistics external-link featured github icn-admin icn-developer icn-evaluierung icn-installation icn-keyuser icn-konzeptionierung icn-master icn-performance icn-review last-contact linkedin map-person messages multi-upload no-eye out-of-office password-guidlines pending-time phone plus proxy-support quick-close search service-catalog setting-search shield sugarcrm-integration tag-cloud ticket-create twitter watch-arrow watchlist xing

Znuny Sicherheitswarnungen für OTRS

Hier finden Sie eine Übersicht über die vorhandenen Sicherheitswarnungen zu OTRS.

# Title CVE Severity Date
ZSA-2020-12 jQuery version 3.4.1 is vulnerable to cross-site-scripting CVE-2020-11022, CVE-2020-11023 Medium 10/12/20
ZSA-2020-11 Renaming or setting user invalid keeps his session active CVE-2020-1776 Low 07/20/20
ZSA-2020-10 Problems distinguishing downloaded certificate files CVE-2020-1774 Medium 04/20/20
ZSA-2020-09 Session ID, password and password reset token security issue CVE-2020-1773 High 03/27/20
ZSA-2020-08 Security issue in request for lost password CVE-2020-1772 Medium 03/27/20
ZSA-2020-07 JavaScript can be executed with a prepared link to the customer address book CVE-2020-1771 Low 03/27/20
ZSA-2020-06 Support bundle file information disclosure CVE-2020-1770 Low 03/27/20
ZSA-2020-05 Agent and customer user login form use autocomplete for username and password CVE-2020-1769 Low 03/27/20
ZSA-2020-04 jQuery vulnerability CVE-2019-11358 Medium 02/07/20
ZSA-2020-03 Drafts can be finished and sent under another agent's name CVE-2020-1767 Low 01/10/20
ZSA-2020-02 Execution of JavaScript through uploaded SVG file CVE-2020-1766 Low 01/10/20
ZSA-2020-01 Spoofing of "From" fields CVE-2020-1765 Low 01/10/20
ZSA-2019-12 Long filename extensions can cause endless loop CVE-2019-18180 Medium 11/15/19
ZSA-2019-11 Agents can list tickets without permission CVE-2019-18179 Low 11/15/19
ZSA-2019-10 Agents and customer users can create articles containing malicious JavaScript CVE-2019-16375 Low 10/04/19
ZSA-2019-09 OTRS agent might unwillingly disclose session ID CVE-2019-12746 Low 07/12/19
ZSA-2019-08 Tags in templates can be used to disclose sensitive information CVE-2019-13458 Low 07/12/19
ZSA-2019-07 Disclosure of personal agent information in customer frontend. CVE-2019-12497 Low 05/31/19
ZSA-2019-06 Malicious email can cause browser to load external files. CVE-2019-12248 Low 05/31/19
ZSA-2019-05 Execution of arbitrary Javascript code via OTRS appointment calendar CVE-2019-10066 Low 04/26/19
ZSA-2019-04 Execution of arbitrary Javascript code via URL manipulation CVE-2019-10067 Low 04/26/19
ZSA-2019-03 Importing statistics XML can lead to reading arbitrary files of OTRS file system CVE-2019-9892 Medium 04/26/19
ZSA-2019-02 Privilege escalation using a manipulated URL to execute JavaScript code CVE-2019-9751 Low 03/11/19
ZSA-2019-01 Privilege escalation in picture upload CVE-2019-9752 Low 01/18/19
ZSA-2018-08 Privilege escalation using HTML Form-Params CVE-2012-2582 High 11/09/18
ZSA-2012-02 XSS attack in Firefox and Opera possible CVE-2012-4600 Critical 08/30/12