Otrs · Otrs · CVE-2017-9324
**Name of the Vulnerable Software and Affected Versions**
Open Ticket Request System (OTRS) versions 3.3.x through 3.3.16
Open Ticket Request System (OTRS) versions 4.x through 4.0.23
Open Ticket Request System (OTRS) versions 5.x through 5.0.19
**Description**
An issue allows an authenticated attacker holding only agent permission to gain administrative privileges simply by opening a specific URL in a browser. This lets the attacker read and change all system settings. The vulnerable URLs contain "index.pl?Action=Installer" with ";Subaction=Intro", ";Subaction=Start", or ";Subaction=System" appended.
**Recommendations**
For versions 3.3.x through 3.3.16, avoid using the "index.pl?Action=Installer" URL with ";Subaction=Intro", ";Subaction=Start", or ";Subaction=System" until a patch is available.
For versions 4.x through 4.0.23, restrict access to the "index.pl?Action=Installer" URL with ";Subaction=Intro", ";Subaction=Start", or ";Subaction=System" to minimize the risk of exploitation.
For versions 5.x through 5.0.19, consider disabling the "Action=Installer" functionality until a fix is provided.
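As a defender, the natural companion to restricting these URLs is checking whether they have already been requested. The following is an added example, not code from the advisory or from the OTRS project: it scans constructed Apache-style access log lines for requests whose query string carries Action=Installer together with one of the three Subaction values named above, normalising percent-encoding and OTRS's ";" parameter separator so that trivially disguised variants are not missed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2017:10:15:01 +0000] "GET /otrs/index.pl?Action=AgentTicketZoom;TicketID=42 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Jun/2017:10:15:07 +0000] "GET /otrs/index.pl?Action=Installer;Subaction=Intro HTTP/1.1" 200 3201
10.0.0.9 - - [01/Jun/2017:10:16:30 +0000] "GET /otrs/index.pl?Action=Installer%3BSubaction%3DStart HTTP/1.1" 200 2980
10.0.0.9 - - [01/Jun/2017:10:16:45 +0000] "GET /otrs/index.pl?Action=installer&Subaction=system HTTP/1.1" 200 2100
10.0.0.7 - - [01/Jun/2017:10:17:02 +0000] "GET /otrs/index.pl?Action=Installer;Subaction=Finish HTTP/1.1" 200 1800
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# The three Subaction values the advisory names for Action=Installer.
FLAGGED_SUBACTIONS = {"intro", "start", "system"}


def parse_query(path):
    """Return query parameters as a lower-cased {name: value} dict.

    OTRS separates parameters with ';' as well as '&'. The query is
    percent-decoded first so that an encoded ';' or '=' cannot hide a
    parameter from the check (a detection trade-off: an encoded ';' that
    is legitimately part of a value will also be treated as a separator).
    """
    if "?" not in path:
        return {}
    query = unquote_plus(path.split("?", 1)[1])
    params = {}
    for pair in re.split(r"[;&]", query):
        if "=" in pair:
            name, value = pair.split("=", 1)
            params[name.strip().lower()] = value.strip().lower()
    return params


def is_installer_probe(path):
    """True if the request targets index.pl?Action=Installer with a flagged Subaction."""
    params = parse_query(path)
    return params.get("action") == "installer" and params.get("subaction") in FLAGGED_SUBACTIONS


def find_hits(log_text):
    """Return (ip, path, status) for every log line that matches the vulnerable URL pattern."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        if is_installer_probe(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), m.group("status")))
    return hits
```

Matching is deliberately case-insensitive so the check errs toward reporting; a hit with status 200 from an agent account is what warrants follow-up, since on the affected versions the page should not be reachable by agents at all.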