+++++++++ OTRS Security Advisory 2013-05 OTRS Help Desk 3.2.9, 3.1.18, 3.0.22
and OTRS ITSM 3.2.7, 3.1.10, 3.0.9 +++++++++
Releases: OTRS Help Desk 3.2.9, 3.1.18, 3.0.22
OTRS ITSM 3.2.7, 3.1.10, 3.0.9
Release date: 9-July-2013
Status: Patch Level Release
SECURITY FIXES:
==============
------------------------------------------------------------------
OTRS Security Advisory 2013-05 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2013-05
Date: 2013-07-09
Title: SQL Injection + XSS Issue
Severity: Medium (Overall CVSS Score SQL Injection: 3.6, CVSS Score XSS:
4.2)
Fixed in: OTRS Help Desk 3.2.9, 3.1.18, 3.0.22, OTRS ITSM 3.2.7, 3.1.10,
3.0.9
URL:
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE: CVE-2013-4717 - SQL Injection
CVE-2013-4718 - XSS
To read the entire Security Advisory please follow this link.
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/
There will also be Release Notes for the newest versions of OTRS Help Desk and
OTRS ITSM, where this vulnerability is fixed and we recommend an update to one
of these new versions.
Best regards
Annalena Navarro von Starck
Marketing Assistant
OTRS AG
Norsk-Data-Straße 1
61352 Bad Homburg
Germany
T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/
Business location: Bad Homburg, Country Court: Bad Homburg, HRB 10751, VAT ID:
DE256610065
Chairman: Burchard Steinbild, Managing Board: André Mindermann (CEO),
Christopher Kuhn, Sabine Riedel
---------------------------------------------------------------------
OTRS mailing list: announce - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/announce
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/announce
