Francesco Sirocco

**Name of the Vulnerable Software and Affected Versions** Open Ticket Request System (OTRS) versions 4.0.x through 4.0.30 Open Ticket Request System (OTRS) versions 5.0.x through 5.0.28 Open Ticket Request System (OTRS) versions 6.0.x through 6.0.9 **Description** An issue was discovered that allows an attacker who is logged in as an agent to escalate their privileges by accessing a specially crafted URL. **Recommendations** For versions 4.0.x through 4.0.30, update to a version that contains a fix for this issue. For versions 5.0.x through 5.0.28, update to a version that contains a fix for this issue. For versions 6.0.x through 6.0.9, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Open Ticket Request System (OTRS) versions 4.0.x through 4.0.27 Open Ticket Request System (OTRS) versions 5.0.x through 5.0.25 Open Ticket Request System (OTRS) versions 6.0.x through 6.0.2 **Description** The issue might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email when cookie support is disabled. **Recommendations** For versions 4.0.x through 4.0.27, update to version 4.0.28 or later. For versions 5.0.x through 5.0.25, update to version 5.0.26 or later. For versions 6.0.x through 6.0.2, update to version 6.0.3 or later.