Podatność ZAA-2020-21

Security Advisory Details ID: ZAA-2020-15 Date: 09/22/2020 Title: Application Functionality Can Be Used to perform Server-Side Request Forgery Severity: medium Product: Zammad 1.0.x up to 3.4.0 Fixed in: Zammad 3.4.1, 3.5.0 References: –> CVE: Pending Online version of this advisory: https://zammad.com/en/advisories/zaa-2020-15

Security Advisory Details ID: ZAA-2020-17 Date: 09/22/2020 Title: Tag and Link REST API endpoints lack CSRF token check Severity: low Product: Zammad 1.0.x up to 3.4.0 Fixed in: Zammad 3.4.1, 3.5.0 References: –> CVE: Pending Online version of this advisory: https://zammad.com/en/advisories/zaa-2020-17

Alcatel-Lucent Security Advisory: CVE-2020-1179 (RCE)OTMS remote code executionI have discovered a vulnerability in OpenTouch Multimedia Services, making it possible for an attacker with administration rights to execute code on the server via web requests with high privileges. Description of the…