You decide the level of support required to ensure your IT solutions run smoothly.

1) SLW: Central European Time (CET) - excluding holidays
2) Take advantage of our Security Advisories for OTRS.

The Experts

We support you on site to bring the best service to you. Excellent people with excellent knowledge make sure that you will succeed.

Your Offer

We offer a large number of standard workshops; just find out what you need.

Evaluation Workshop

The evaluation process is the first step in implementing an OTRS solution. Full confidence in both the software and service provider is critical when deciding to invest in any solution. The objective of the evaluation is to provide you with insight into the software's range of functions and capabilities to understand how it may be used to meet your business requirements.

Conceptual Design Workshop

During the conceptual design, organizations work collaboratively with one of our consultants to design the exact specifications for their OTRS implementation. The consultant offers best practice recommendations when designing model structures, processes and workflows and develops all technical specifications for the production environment.

Installation & Configuration Workshop

Benefit from our expertise for successful deployment of mission-critical service solutions. Our consultants will help you to configure OTRS, integrating various IT infrastructure elements and thereby eliminating the need to administer redundant data in various systems.

Review Workshop

As your business evolves, our consultants will assist in re-evaluating and assessing your requirements to uncover unrealized potential within your OTRS solution. If further customization or specialization is required, you have our ongoing support and dedication to ensure your organization remains highly adaptable and always competitive.

Troubleshooting/Performance Workshop

Sometimes you run into trouble/performance problems. Then quick and effective help is needed. Our OTRS Consultants will help you to solve any problem you have.

We design and develop your extensions to bring the best service to your customers. With 12 years of experience in Helpdesk and Customer Service we will show you things you never dreamt of.

Feature Extensions/Add-Ons

Get access to our extensions as a foundation for your business needs.

Customization

Work with the OTRS development team to build highly customized and innovative service solutions on OTRS. OTRS developed solutions provide the flexibility and performance businesses require to meet their customer demands.

Your Offer

Just submit your needs and receive your personal offer!

OTRS Admin Training

We will coach you through setup, backup and restore as well as the configuration of OTRS. The training course is directed at administrators in charge of system configuration, management of users and authorizations and customization according to corporate design.

You will gain in-depth insight into the system's functional mechanisms and, for training purposes, will complete the entire setup and configuration cycle. The main focus will be the SysConfig file and the central configuration file Kernel/Config.pm in order to customize the system conveniently according to your and/or your customers' requirements.

Practical elements, e.g. the exemplary integration with email and directory services will be part of the training course as well as learning how to handle ticket ACLs (Active Control Lists) and the modelling of workflows by means of the system.

Duration: 3 days

OTRS Master Training

Do you already operate OTRS and have some experience? OTRS can do more than what you see on the normal admin interface!

This course is aimed at OTRS administrators who are confident in their daily work with OTRS but want to understand the system even further. Learn about hidden features and capabilities of OTRS.

Dive into the world of ACLs, SysConfig and reporting. Learn tips and tricks for connecting external systems and external authentication.

Duration: 3 days

OTRS Key User Training

The training is aimed at service and support staff who are getting familiar with OTRS and should use its functions efficiently in their daily work.

Duration: 1 day

OTRS Developer Training

Already using OTRS, but you are missing a feature? This course will give you more than just a glimpse into the source code and the philosophy of OTRS.

We will show by example which architecture is behind it and how to effectively develop extensions for it. In exercises you will develop, e.g., Postmaster filters and front-end modules, but also individual interfaces to external systems, such as a CTI connector.

Duration: 3 days

Features

  • Easy installation and upgrade via Package-Management
  • Enables Package-Verification for Znuny Packages as well

Installation

Download and save the package.

Open Package-Management via Admin->Package-Management, open the Znuny4OTRS-Repo-OPM-Package via "Select File" and click on "Install Package".

After the installation you will find a new repository "[-Addons-] Znuny4OTRS - Public" in the drop-down. Click on "Update repository information" to get access to the newest Znuny packages.

Prerequisites

Internet connection, OTRS 3.1, OTRS 3.2 or OTRS 3.3

Download

OPM File for Znuny4OTRS-Repo

Feature Add-Ons

With our support contracts you will be given access to and support for our feature add-ons, which will increase the performance of your OTRS installation.

After a certain time period, we will be providing everyone with access to the add-ons by making them public. Ask us for more details!

#1 Znuny4OTRS - Customer Map

Would you like an overview of your open tickets on a map?

This Google Maps extension provides you with the information you need in the form of a dashboard widget.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#2 Znuny4OTRS - Password Policy

The "Password Policy" enables you to define strict password policies. You can individually configure your "Password Policy" via a SysConfig setting (see more in Configuration Options).

Feature List:

  • Enforce a password renewal after X (configurable) days.
  • Password history, so that the previous X (configurable) passwords cannot be used again.
  • Disable account after X (configurable) invalid login attempts.
  • Minimum size of the password.
  • Need at least 2 lowercase and 2 uppercase letters in a password.
  • Need at least 2 letters in a password.
  • Need at least 1 number in a password.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#3 Znuny4OTRS - Escalation suspend

Do you wish to suspend a ticket escalation because you need feedback from somebody else? With this extension you may suspend escalations by using ticket states that are defined as "No escalation". The escalation will continue once the ticket has returned to its normal ticket state. You may define the "No escalation" states via SysConfig.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#4 Znuny4OTRS - CI Attachments

This package enables file uploads into the CMDB of OTRS ITSM. You may save attachments as Configuration Items (CI) directly in the CMDB.

Every time a new file is added, a new version of the CI will be automatically generated.

Prerequisites

OTRS ITSM 3.1

Znuny Add-On Support | Download (via Support-Subscription)

#5 Znuny4OTRS - CTI Integration

This package integrates your telephone system in OTRS. For incoming calls, the telephone ticket interface is displayed with the corresponding customer data (identified by caller ID). For outgoing calls, a call can be directly initiated by clicking on the customer's telephone number.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#6 Znuny4OTRS - Ticket Workflows

Define workflows via the admin interface (any number from 1 to x tickets).

The following attributes can be defined:

  • Queue
  • Owner
  • Responsible
  • Priority
  • Subject
  • Text
  • Attachments
  • Time units

Within a workflow individual tickets/tasks can be linked to another ticket/task. Via a dashboard widget every agent is given a fast overview of their tickets/tasks.

Prerequisites

OTRS 3.1

Znuny Add-On Support | Download (via Support-Subscription)

#7 Znuny4OTRS - Watch List

With this package you are able to see, add and individually remove all agents watching a ticket.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Download (via Support-Subscription)

#8 Znuny4OTRS - Tag Cloud

This package enables you to "tag" a ticket. In the dashboard widget a tag cloud shows you trends or hotspots in your field of responsibility.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Download (via Support-Subscription)

#9 Znuny4OTRS - Second/Additional Ticket Create Screen

This package gives you an additional Ticket-Create-Screen (phone and e-mail) with its own config parameters so that different departments might work with their own Ticket Create Screens.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#10 Znuny4OTRS - Sort by last contact

This package allows you to sort your tickets by your last contact. This feature will be available in Queue-View, Status-View and Locked-Tickets-View.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#11 Znuny4OTRS - External URL/Link

This package enables you to include an external URL/link in your customer navigation bar or in your agents' overview so that you can refer to internal resources.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#12 Znuny4OTRS - Quick-Close

This package gives you a Quick-Close button in your ticket overview (Queue-View, Escalation-View and Status-View).

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#13 Znuny4OTRS - Extended proxy assistance

In case you configured an http/ftp proxy in OTRS to access external resources but you need a list of exceptions to access local http/ftp resources, this will be your file.

Configuration via Admin-Interface (SysConfig) Proxy-Exceptions.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#14 Znuny4OTRS - AD Password Change

Do your agents authenticate themselves against an Active Directory? With this package you are able to change your AD password via the preferences.

Prerequisites

OTRS 3.1 or OTRS 3.2

Znuny Add-On Support | Download (via Support-Subscription)

#15 Znuny4OTRS - AttachmentMultiUpload

You need to attach multiple files to a ticket? With this package you are able to attach all of them with one upload.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3 and an HTML5-compatible browser - Firefox 26+, Chrome 31+, Safari 7+, IE 10+.

Znuny Add-On Support | Install via Znuny4OTRS | Github

#16 Znuny4OTRS - PDFSearch

Do you receive a lot of PDF files? This package allows you to perform a full text search on all received PDF files. This add-on is powered by PDFLib.

Prerequisites

OTRS 3.2 or OTRS 3.3.

Znuny Add-On Support | Install via Znuny4OTRS

#17 Znuny4OTRS - MarkTicketSeenUnseen

You need to mark a ticket or article as unread to read it later or mark complete tickets as read? With this package you are able to mark a whole ticket with all articles or single articles as unread again. Additionally single or multiple tickets can be marked as seen.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#18 Znuny4OTRS - DownloadAllAttachments

You don't want to download every single attachment of a ticket by hand? With this package you are able to download all attachments of an article or the whole ticket as a zip file at once.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

#19 Znuny4OTRS - Services/Company (CustomerID) relations

In OTRS standard you can "only" manage a service / customer user relation (CustomerUserID). With this addon now you can also manage the services / company (CustomerID) relation.

Prerequisites

OTRS 3.3

Znuny Add-On Support | Download (via Support-Subscription)

#20 Znuny4OTRS - Excel stats

In OTRS standard you can "only" generate statistics in the CSV and PDF format. Therefore it's not possible to preformat the statistics before importing them into Excel or OpenOffice. With this addon you can preformat existing or new statistics and generate them in the Excel format.

Prerequisites

OTRS 3.1, OTRS 3.2 or OTRS 3.3

Znuny Add-On Support | Download (via Support-Subscription)

#21 Znuny4OTRS - Highlight matching articles for fulltext search

In OTRS standard it's not possible to determine which articles were matching a previous fulltext search when in the zoom view. With this addon all matching articles for a fulltext search get highlighted in the article tree.

Prerequisites

OTRS 3.3

Znuny Add-On Support | Install via Znuny4OTRS | Github

2001 - Martin Edenhofer started the OTRS.org project, with the simple idea of making communication between customers and organizations easier.

2002 - Martin did the first OTRS Consulting job (replaced ARS with OTRS).

2003 - Because of many requests, Martin and three colleagues started the commercial part of OTRS.org, the OTRS GmbH.

2004 - First place in the "Open Source Best Practice Award" of the Fraunhofer Institut in the category "public range" went to the city “Muelheim an der Ruhr” for the HelpDesk solution with OTRS.

2005 - NASA was using OTRS.

2007 - OTRS GmbH became OTRS AG.

2011 - Martin left OTRS AG.

2012 - Znuny GmbH was founded by Martin with the vision of giving the best independent OTRS service to the market.

2013 - New happy customers, just a short selection: Commerzbank AG, DZ BANK AG and Deutsche WertpapierService Bank AG.

2014 - Establishment of Znuny Swiss GmbH as an independent OTRS service provider dedicated to Switzerland.

Management

Martin Edenhofer

CEO/Managing Director

Martin Edenhofer (35) is one of the Linux pioneers and inventors of open-source software in Germany. Edenhofer is the founder of the OTRS.org project and made a significant contribution to the development of the OTRS trouble ticket system. After several years working as a developer at SuSE Linux AG working on STTS (SuSE’s own trouble ticket system), Edenhofer moved from Nuremberg to Frankfurt am Main in 2001 to take on the role of a Project Manager for Lufthansa Systems. In 2003 he founded OTRS GmbH (later known as OTRS AG), where he worked as Chief Technical Officer.

Znuny GmbH
Marienstraße 11
10117 Berlin
Germany

P +49 (0) 30 60 98 54 18-0
F +49 (0) 30 60 98 54 18-8
E info@znuny.com
W http://znuny.com
Managing Director: Martin Edenhofer
Commercial register/Handelsregister Charlottenburg, Nr. HRB 139852 B
Business location: Berlin (Mitte)
Tax number: 37/260/21789

Znuny Swiss GmbH
Martinsbruggstrasse 35
9016 St. Gallen
Switzerland

P +41 (0) 71 588 03 39
E info@znuny.ch
W http://znuny.ch
Managing Director: Martin Edenhofer
Business location: St. Gallen
Commercial register/Handelsregisteramt: Kanton St. Gallen, Nr. CHE-134.912.543

Znuny Information Technology Co., Ltd.
D610 Pufa Plaza, #1759 North Zhongshan Rd.
200061 Shanghai
China

P +86 (0) 181 0179 2535
F +86 (0) 21 6139 0616
E info@znuny.cn
W http://znuny.cn

Get informed!

Do you want to get informed about security issues in OTRS? Subscribe here.

List of Advisories

| # | Title | CVE | Severity | Date |
|---|---|---|---|---|
| ZSA-2014-05 | Clickjacking issue | 2014-2554 | Low | 2014-04-02 |
| ZSA-2014-04 | XSS issue | 2014-2553 | Low | 2014-04-02 |
| ZSA-2014-03 | XSS attack via HTML-Email | 2014-1695 | Low | 2014-03-03 |
| ZSA-2014-02 | SQL injection with valid login | 2014-1471 | Medium | 2014-01-28 |
| ZSA-2014-01 | XSS Issue in Customer-Interface | 2014-1694 | Low | 2014-01-28 |
| ZSA-2013-05 | SQL injection / XSS Issue | 2013-4717/4718 | Medium | 2013-07-09 |
| ZSA-2013-04 | Information disclosure and Data manipulation | 2013-4088 | Medium | 2013-06-18 |
| ZSA-2013-03 | Information disclosure and Data manipulation | 2013-3551 | Medium | 2013-06-03 |
| ZSA-2013-02 | XSS attack | 2013-2637 | Low | 2013-04-03 |
| ZSA-2013-01 | Information disclosure and Data manipulation | 2013-2625 | Medium | 2013-04-03 |
| ZSA-2012-03 | XSS attack in Firefox and Opera | 2012-4751 | Critical | 2012-10-16 |
| ZSA-2012-02 | XSS attack in Firefox and Opera | 2012-4600 | Critical | 2012-08-30 |
| ZSA-2012-01 | XSS attack in Internet Explorer | 2012-2582 | Critical | 2012-08-17 |

Details

ID: ZSA-2014-05
Date: 2014-04-02
Title: Clickjacking issue
Severity: Low
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.21, 3.2.16, 3.3.6
URL: http://znuny.com/en/#!/advisory/ZSA-2014-05
CVE: 2014-2554

Problem

An attacker could embed OTRS in a hidden <iframe> tag of another page, tricking the user into clicking links in OTRS.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.20, 3.2.x up to and including 3.2.15 and 3.3.x up to and including 3.3.5.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2014-04
Date: 2014-04-02
Title: XSS issue
Severity: Low
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.21, 3.2.16, 3.3.6
URL: http://znuny.com/en/#!/advisory/ZSA-2014-04
CVE: 2014-2553

Problem

A logged-in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.20, 3.2.x up to and including 3.2.15 and 3.3.x up to and including 3.3.5.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Details

ID: ZSA-2014-03
Date: 2014-03-03
Title: XSS attack via HTML-Email
Severity: Low
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.20, 3.2.15, 3.3.5
URL: http://znuny.com/en/#!/advisory/ZSA-2014-03
CVE: 2014-1695

Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared HTML email into OTRS.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.19, 3.2.x up to and including 3.2.14 and 3.3.x up to and including 3.3.4.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Details

ID: ZSA-2014-02
Date: 2014-01-28
Title: SQL Injection with valid login
Severity: Medium
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.19, 3.2.14, 3.3.4
URL: http://znuny.com/en/#!/advisory/ZSA-2014-02
CVE: 2014-1471

Problem

An attacker with a valid login could manipulate URLs leading to SQL injection.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.18, 3.2.x up to and including 3.2.13 and 3.3.x up to and including 3.3.3.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Details

ID: ZSA-2014-01
Date: 2014-01-28
Title: XSS Issue in Customer-Interface
Severity: medium
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.19, 3.2.14, 3.3.4
URL: http://znuny.com/en/#!/advisory/ZSA-2014-01
CVE: 2014-1694
BugID: 10099

Problem

An attacker could inject JavaScript code which would be executed by the browser of a user with valid customer login.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.18, 3.2.x up to and including 3.2.14 and 3.3.x up to and including 3.3.3.

Fixes

This vulnerability is fixed in OTRS. We recommend updating to the new versions.

Download

OTRS Releases:

Workaround

As a workaround you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Details

ID: ZSA-2012-01
Date: 2012-08-17
Title: XSS attack in Internet Explorer possible
Severity: Critical
Product: OTRS 3.1.x, OTRS 3.0.x, OTRS 2.4.x
Fixed in: OTRS 3.1.9, OTRS 3.0.15, OTRS 2.4.13 or by installing the addon package Znuny4OTRS-CVE-2012-2582
URL: http://znuny.com/en/#!/advisory/ZSA-2012-01
CVE: CVE-2012-2582
VU: VU#582879

Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.12, OTRS 3.0.x up to and including 3.0.14, as well as all 3.1.x versions up to and including 3.1.8.

Fixes

This vulnerability is not fixed in OTRS. We recommend installing the Znuny4OTRS-CVE-2012-2582 addon package.

Update 2012-08-23: In the meantime there is also a software update available from the vendor; please see details.

Download

Workaround

As a workaround you need to disable the rich text feature via SysConfig.

References

Demo

Details

ID: ZSA-2012-02
Date: 2012-08-30
Title: XSS attack in Firefox and Opera possible
Severity: Critical
Product: OTRS 3.1.x, OTRS 3.0.x, OTRS 2.4.x
Fixed in: OTRS 3.1.10, OTRS 3.0.16, OTRS 2.4.14
URL: http://znuny.com/en/#!/advisory/ZSA-2012-02
CVE: CVE-2012-4600
VU: VU#511404

Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.13, OTRS 3.0.x up to and including 3.0.15, as well as all 3.1.x versions up to and including 3.1.9.

Fixes

This vulnerability is fixed in OTRS (release of OTRS 3.1.10, OTRS 3.0.16 and OTRS 2.4.14 will be published on 30 Aug 2012).

Download

Workaround I

As a workaround you need to disable the rich text feature via SysConfig.

Workaround II

As a workaround it is also possible to replace the following files with the fixed version:

OTRS 3.1.x:

OTRS 3.0.x:

OTRS 2.4.x:

References

Details

ID: ZSA-2012-03
Date: 2012-10-16
Title: XSS attack in Firefox and Opera possible
Severity: Critical
Product: OTRS 3.1.x, OTRS 3.0.x, OTRS 2.4.x
Fixed in: OTRS 3.1.11, OTRS 3.0.17, OTRS 2.4.15
URL: http://znuny.com/en/#!/advisory/ZSA-2012-03
CVE: CVE-2012-4751
VU: VU#603276

Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.14, OTRS 3.0.x up to and including 3.0.15, as well as all 3.1.x versions up to and including 3.1.10.

Fixes

This vulnerability is fixed in OTRS (release of OTRS 3.1.11, OTRS 3.0.17 and OTRS 2.4.15 will be published on 16 Oct 2012).

Download

Workaround I

As a workaround you can disable the rich text feature via SysConfig.

Workaround II

As a workaround it is also possible to replace the following files with the fixed version:

OTRS 3.1.x:

OTRS 3.0.x:

OTRS 2.4.x:

References

Details

ID: ZSA-2013-01
Date: 2013-04-03
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS 3.0.x, 3.1.x, 3.2.x; OTRS ITSM 3.0.x, 3.1.x, 3.2.x; FAQ 2.0.x, 2.1.x, 2.2.x
Fixed in: OTRS Help Desk 3.0.19, 3.1.14, 3.2.4; OTRS ITSM 3.2.4, 3.1.8, 3.0.7; FAQ 2.2.3, 2.1.4, 2.0.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-01
CVE: CVE-2013-2625

Problem

An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that they are not permitted to see. Furthermore, links to objects without permission can be placed and removed.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.18, 3.1.x up to and including 3.1.13 and 3.2.x up to and including 3.2.3, as well as OTRS ITSM 3.0.x up to and including 3.0.6, 3.1.x up to and including 3.1.7 and 3.2.x up to and including 3.2.3, as well as FAQ 2.0.x up to and including 2.0.7, 2.1.x up to and including 2.1.3 and 2.2.x up to and including 2.2.2.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround you may update the affected files directly:

  • Kernel/Modules/AgentLinkObject.pm
  • Kernel/System/LinkObject.pm
  • Kernel/System/LinkObject/Ticket.pm

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Details

ID: ZSA-2013-02
Date: 2013-04-03
Title: XSS vulnerability
Severity: Low
Product: OTRS ITSM 3.2.x, OTRS ITSM 3.1.x, OTRS ITSM 3.0.x, FAQ 2.1.x, FAQ 2.0.x
Fixed in: OTRS ITSM 3.2.4, 3.1.8, 3.0.7; FAQ 2.1.4, 2.0.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-02
CVE: CVE-2013-2637

Problem

An attacker with a valid agent login and with permission to write changes, workorder items or FAQ articles could inject JavaScript code into the articles which would be executed by the browser of other users reading the article.

Affected by this vulnerability are all releases of OTRS ITSM 3.0.x up to and including 3.0.6, 3.1.x up to and including 3.1.7 and 3.2.x up to and including 3.2.3 as well as FAQ 2.0.x up to and including 2.0.7 and 2.1.x up to and including 2.1.3.

Fixes

This vulnerability is fixed in OTRS. We recommend updating to the new versions.

Download

Just update the OPM packages via the Package Manager.

References

Details

ID: ZSA-2013-03
Date: 2013-06-03
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS Help Desk 3.0.x, 3.1.x, 3.2.x; OTRS ITSM 3.0.x, 3.1.x, 3.2.x
Fixed in: OTRS Help Desk 3.0.20, 3.1.16, 3.2.7; OTRS ITSM 3.2.5, 3.1.9, 3.0.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-03
CVE: CVE-2013-3551

Problem

An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets that they are not permitted to see.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.19, 3.1.x up to and including 3.1.15 and 3.2.x up to and including 3.2.6, as well as OTRS ITSM 3.0.x up to and including 3.0.7, 3.1.x up to and including 3.1.8 and 3.2.x up to and including 3.2.4.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround you may update the affected files directly:

  • Kernel/Modules/AgentTicketPhone.pm

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Details

ID: ZSA-2013-04
Date: 2013-06-18
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS Help Desk 3.0.x, 3.1.x, 3.2.x
Fixed in: OTRS Help Desk 3.0.21, 3.1.17, 3.2.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-04
CVE: CVE-2013-4088

Problem

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets that they are not permitted to see.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.20, 3.1.x up to and including 3.1.16 and 3.2.x up to and including 3.2.7.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround you may update the affected files directly:

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Details

ID: ZSA-2013-05
Date: 2013-07-09
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS Help Desk 3.0.x, 3.1.x, 3.2.x; OTRS ITSM 3.0.x, 3.1.x, 3.2.x
Fixed in: OTRS Help Desk 3.0.22, 3.1.18, 3.2.9; OTRS ITSM 3.2.7, 3.1.10, 3.0.9
URL: http://znuny.com/en/#!/advisory/ZSA-2013-05
CVE: CVE-2013-4717/4718

Problem

An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.21, 3.1.x up to and including 3.1.17 and 3.2.x up to and including 3.2.8, as well as OTRS ITSM 3.0.x up to and including 3.0.8, 3.1.x up to and including 3.1.9 and 3.2.x up to and including 3.2.6.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround you may update the affected files directly:

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Details

IDZSA-2014-05
Date2014-04-02
TitleClickjacking issue
SeverityLow
ProductOTRS Help Desk 3.1.x, 3.2.x, 3.3.x;
Fixed inOTRS Help Desk 3.1.21, 3.2.16, 3.3.6
URLhttp://znuny.com/en/ #!/advisory/ZSA-2014-05
CVE2014-2554

Do you want to get informed about security issues in OTRS? Subscribe here.

Problem

An attacker could embed OTRS in a hidden <iframe> tag of another page, tricking the user into clicking links in OTRS.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.20, 3.2.x up to and including 3.2.15 and 3.3.x up to and including 3.3.5.

Fixes

This vulnerability is fixed in OTRS. We recommend to upgrade to the latest Version.

Download

OTRS Release:

Workaround

As workaround you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2014-04
Date: 2014-04-02
Title: XSS issue
Severity: Low
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.21, 3.2.16, 3.3.6
URL: http://znuny.com/en/#!/advisory/ZSA-2014-04
CVE: 2014-2553


Problem

A logged-in attacker could insert special content into dynamic fields, leading to JavaScript code being executed in OTRS.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.20, 3.2.x up to and including 3.2.15 and 3.3.x up to and including 3.3.5.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround, you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2014-03
Date: 2014-03-03
Title: XSS attack via HTML-Email
Severity: Low
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.20, 3.2.15, 3.3.5
URL: http://znuny.com/en/#!/advisory/ZSA-2014-03
CVE: 2014-1695


Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared HTML email into OTRS.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.19, 3.2.x up to and including 3.2.14 and 3.3.x up to and including 3.3.4.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround, you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2014-02
Date: 2014-01-28
Title: SQL Injection with valid login
Severity: Medium
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.19, 3.2.14, 3.3.4
URL: http://znuny.com/en/#!/advisory/ZSA-2014-02
CVE: 2014-1471


Problem

An attacker with a valid login could manipulate URLs, leading to SQL injection.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.18, 3.2.x up to and including 3.2.13 and 3.3.x up to and including 3.3.3.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

Workaround

As a workaround, you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2014-01
Date: 2014-01-28
Title: XSS Issue in Customer-Interface
Severity: Medium
Product: OTRS Help Desk 3.1.x, 3.2.x, 3.3.x
Fixed in: OTRS Help Desk 3.1.19, 3.2.14, 3.3.4
URL: http://znuny.com/en/#!/advisory/ZSA-2014-01
CVE: 2014-1694
BugID: 10099


Problem

An attacker could inject JavaScript code which would be executed by the browser of a user with valid customer login.

Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.18, 3.2.x up to and including 3.2.14 and 3.3.x up to and including 3.3.3.

Fixes

This vulnerability is fixed in OTRS. We recommend updating to the new versions.

Download

OTRS Releases:

Workaround

As a workaround, you may update the affected files directly:

OTRS 3.3.x:

OTRS 3.2.x:

OTRS 3.1.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2012-01
Date: 2012-08-17
Title: XSS attack in Internet Explorer possible
Severity: Critical
Product: OTRS 3.1.x, OTRS 3.0.x, OTRS 2.4.x
Fixed in: OTRS 3.1.9, OTRS 3.0.15, OTRS 2.4.13 or by installing the addon package Znuny4OTRS-CVE-2012-2582
URL: http://znuny.com/en/#!/advisory/ZSA-2012-01
CVE: CVE-2012-2582
VU: VU#582879


Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.12, OTRS 3.0.x up to and including 3.0.14, as well as all 3.1.x versions up to and including 3.1.8.

Fixes

This vulnerability is not fixed in OTRS. We recommend installing the Znuny4OTRS-CVE-2012-2582 addon package.

Update 2012-08-23: In the meantime, a software update is also available from the vendor; please see the details.

Download

Workaround

As a workaround, you need to disable the rich text feature via SysConfig.

References

Demo

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2012-02
Date: 2012-08-30
Title: XSS attack in Firefox and Opera possible
Severity: Critical
Product: OTRS 3.1.x, OTRS 3.0.x, OTRS 2.4.x
Fixed in: OTRS 3.1.10, OTRS 3.0.16, OTRS 2.4.14
URL: http://znuny.com/en/#!/advisory/ZSA-2012-02
CVE: CVE-2012-4600
VU: VU#511404


Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.13, OTRS 3.0.x up to and including 3.0.15, as well as all 3.1.x versions up to and including 3.1.9.

Fixes

This vulnerability is fixed in OTRS (release of OTRS 3.1.10, OTRS 3.0.16 and OTRS 2.4.14 will be published on 30 Aug 2012).

Download

Workaround I

As a workaround, you need to disable the rich text feature via SysConfig.

Workaround II

As a workaround, it is also possible to replace the following files with the fixed version:

OTRS 3.1.x:

OTRS 3.0.x:

OTRS 2.4.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2012-03
Date: 2012-10-16
Title: XSS attack in Firefox and Opera possible
Severity: Critical
Product: OTRS 3.1.x, OTRS 3.0.x, OTRS 2.4.x
Fixed in: OTRS 3.1.11, OTRS 3.0.17, OTRS 2.4.15
URL: http://znuny.com/en/#!/advisory/ZSA-2012-03
CVE: CVE-2012-4751
VU: VU#603276


Problem

An attacker could trick a logged-in user into executing malicious JavaScript code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.14, OTRS 3.0.x up to and including 3.0.15, as well as all 3.1.x versions up to and including 3.1.10.

Fixes

This vulnerability is fixed in OTRS (release of OTRS 3.1.11, OTRS 3.0.17 and OTRS 2.4.15 will be published on 16 Oct 2012).

Download

Workaround I

As a workaround, you can disable the rich text feature via SysConfig.

Workaround II

As a workaround, it is also possible to replace the following files with the fixed version:

OTRS 3.1.x:

OTRS 3.0.x:

OTRS 2.4.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2013-01
Date: 2013-04-03
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS 3.0.x, 3.1.x, 3.2.x; OTRS ITSM 3.0.x, 3.1.x, 3.2.x; FAQ 2.0.x, 2.1.x, 2.2.x
Fixed in: OTRS Help Desk 3.0.19, 3.1.14, 3.2.4; OTRS ITSM 3.2.4, 3.1.8, 3.0.7; FAQ 2.2.3, 2.1.4, 2.0.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-01
CVE: CVE-2013-2625


Problem

An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that the attacker is not permitted to see. Furthermore, links to objects for which the attacker has no permission can be placed and removed.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.18, 3.1.x up to and including 3.1.13 and 3.2.x up to and including 3.2.3, as well as OTRS ITSM 3.0.x up to and including 3.0.6, 3.1.x up to and including 3.1.7 and 3.2.x up to and including 3.2.3, as well as FAQ 2.0.x up to and including 2.0.7, 2.1.x up to and including 2.1.3 and 2.2.x up to and including 2.2.2.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround, you may update the affected files directly:

  • Kernel/Modules/AgentLinkObject.pm
  • Kernel/System/LinkObject.pm
  • Kernel/System/LinkObject/Ticket.pm

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2013-02
Date: 2013-04-03
Title: XSS vulnerability
Severity: Low
Product: OTRS ITSM 3.2.x, OTRS ITSM 3.1.x, OTRS ITSM 3.0.x, FAQ 2.1.x, FAQ 2.0.x
Fixed in: OTRS ITSM 3.2.4, 3.1.8, 3.0.7; FAQ 2.1.4, 2.0.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-02
CVE: CVE-2013-2637


Problem

An attacker with a valid agent login and with permission to write changes, workorder items or FAQ articles could inject JavaScript code into the articles which would be executed by the browser of other users reading the article.

Affected by this vulnerability are all releases of OTRS ITSM 3.0.x up to and including 3.0.6, 3.1.x up to and including 3.1.7 and 3.2.x up to and including 3.2.3 as well as FAQ 2.0.x up to and including 2.0.7 and 2.1.x up to and including 2.1.3.

Fixes

This vulnerability is fixed in OTRS. We recommend updating to the new versions.

Download

Just update the OPM packages via the Package Manager.

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2013-03
Date: 2013-06-03
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS Help Desk 3.0.x, 3.1.x, 3.2.x; OTRS ITSM 3.0.x, 3.1.x, 3.2.x
Fixed in: OTRS Help Desk 3.0.20, 3.1.16, 3.2.7; OTRS ITSM 3.2.5, 3.1.9, 3.0.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-03
CVE: CVE-2013-3551


Problem

An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets that the attacker is not permitted to see.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.19, 3.1.x up to and including 3.1.15 and 3.2.x up to and including 3.2.6, as well as OTRS ITSM 3.0.x up to and including 3.0.7, 3.1.x up to and including 3.1.8 and 3.2.x up to and including 3.2.4.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround, you may update the affected files directly:

  • Kernel/Modules/AgentTicketPhone.pm

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2013-04
Date: 2013-06-18
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS Help Desk 3.0.x, 3.1.x, 3.2.x
Fixed in: OTRS Help Desk 3.0.21, 3.1.17, 3.2.8
URL: http://znuny.com/en/#!/advisory/ZSA-2013-04
CVE: CVE-2013-4088


Problem

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets that the attacker is not permitted to see.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.20, 3.1.x up to and including 3.1.16 and 3.2.x up to and including 3.2.7.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround, you may update the affected files directly:

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.

Details

ID: ZSA-2013-05
Date: 2013-07-09
Title: Information disclosure and Data manipulation
Severity: Medium
Product: OTRS Help Desk 3.0.x, 3.1.x, 3.2.x; OTRS ITSM 3.0.x, 3.1.x, 3.2.x
Fixed in: OTRS Help Desk 3.0.22, 3.1.18, 3.2.9; OTRS ITSM 3.2.7, 3.1.10, 3.0.9
URL: http://znuny.com/en/#!/advisory/ZSA-2013-05
CVE: CVE-2013-4717/4718


Problem

An attacker with a valid agent login could manipulate URLs, leading to SQL injection. An attacker with a valid agent login could also manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.

Affected by this vulnerability are all releases of OTRS 3.0.x up to and including 3.0.21, 3.1.x up to and including 3.1.17 and 3.2.x up to and including 3.2.8, as well as OTRS ITSM 3.0.x up to and including 3.0.8, 3.1.x up to and including 3.1.9 and 3.2.x up to and including 3.2.6.

Fixes

This vulnerability is fixed in OTRS. We recommend upgrading to the latest version.

Download

OTRS Release:

OPM Packages:

Just update the OPM packages via the Package Manager.

Workaround

As a workaround, you may update the affected files directly:

OTRS 3.2.x:

OTRS 3.1.x:

OTRS 3.0.x:

References

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.