- Home
- CVEs with nessus.description==This update for otrs to version 4.0.32 fixes the following issues :
These security issues were fixed :
- CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged in user opens it, the email could have caused the browser to load external image or CSS resources (bsc#1109822).
- CVE-2018-16587: An attacker could have sent a malicious email to an OTRS system. If a user with admin permissions opens it, it caused deletions of arbitrary files that the OTRS web server user has write access to (bsc#1109823).
- CVE-2018-14593: An attacker who is logged into OTRS as an agent may have escalated their privileges by accessing a specially crafted URL (bsc#1103800).
These non-security issues were fixed :
- fixed permissions file @OTRS_ROOT@/var/tmp -> @OTRS_ROOT@/var/tmp/
- ACL for Action AgentTicketBulk were inconsistent.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top