CERT

Alcatel-Lucent Security Advisory: CVE-2020-1179 (RCE)OTMS remote code executionI have discovered a vulnerability in OpenTouch Multimedia Services, making it possible for an attacker with administration rights to execute code on the server via web requests with high privileges. Description of the…

Security Advisory Details ID: ZAA-2020-21 Date: 09/22/2020 Title: Stored XSS in Tags element Severity: medium Product: Zammad 1.0.x up to 3.4.0 Fixed in: Zammad 3.4.1, 3.5.0 References: –> CVE: Pending Online version of this advisory: https://zammad.com/en/advisories/zaa-2020-21

Security Advisory Details ID: ZAA-2020-17 Date: 09/22/2020 Title: Tag and Link REST API endpoints lack CSRF token check Severity: low Product: Zammad 1.0.x up to 3.4.0 Fixed in: Zammad 3.4.1, 3.5.0 References: –> CVE: Pending Online version of this advisory: https://zammad.com/en/advisories/zaa-2020-17

Security Advisory Details ID: ZAA-2020-15 Date: 09/22/2020 Title: Application Functionality Can Be Used to perform Server-Side Request Forgery Severity: medium Product: Zammad 1.0.x up to 3.4.0 Fixed in: Zammad 3.4.1, 3.5.0 References: –> CVE: Pending Online version of this advisory: https://zammad.com/en/advisories/zaa-2020-15