Source: otrs2 Version: 3.3.9-3 Severity: grave Tags: upstream security Hi,
the following vulnerability was published for otrs2. CVE-2017-14635[0]: | In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before | 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage | statistics-write permissions to gain privileges via code injection. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14635 [1] https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/ Unfortunately the patches are not referenced, so must be researched in the repository. Regards, Salvatore
