Source: otrs2 Version: 3.3.9-3 Severity: grave Tags: patch security upstream
Hi From https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ > An attacker can send a specially prepared email to an OTRS system. If > this system has cookie support disabled, and a logged in agent clicks a > link in this email, the session information could be leaked to external > systems, allowing the attacker to take over the agent’s session. Regards, Salvatore
