EriZone – Security Advisory

Posted by on Nov 27, 2017 in EriZone & OTRS, EriZone Security Advisories | 0 comments

A vulnerability has been detected on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS 3.3.x, Erizone 3.x and EriZone 5.x systems.

This vulnerability takes advantage of a Code injection in Kernel/System/Spelling.pm and is classified with a severity of 8.6 (high).

To guarantee the security of your system, we recommend applying last released patches.

 
For EriZone 5.2:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the packages strictly in the following sequence:

  • EriZoneCore
  • EriZoneTheme

 

For EriZone 3.6:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade package:

  • EriZoneCore

 

For both systems, after previous procedure use a console to launch following commands:

  • /opt/otrs/scripts/EriZone/erizone.global_makelink
  • /opt/otrs/scripts/EriZone/Permissions.sh
  • /opt/otrs/scripts/EriZone/RestartEriZone.sh

 

Further information regarding this topic can be found on https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/

The update on Erizone 5.2 will also fix some other theme bugs.

 


 

Technical details:

  • Date: 2017-11-21
  • Title: Remote code execution
  • Severity: 8.6 high
  • Product: OTRS 3.3.*, EriZone 3.* and EriZone 5.*
  • ID: OSA-2017-07
Read More

EriZone to EriZone communication via web services

Posted by on Nov 14, 2017 in EriZone & OTRS | 0 comments

EriZone_GI

The Generic Interface (GI) is an OTRS framework that allows EriZone5 to communicate with other systems via web service. The communication can be bidirectional: EriZone5 can act both as a service provider and/or as a service requestor.
You can use the GI to define a “Webservice” and to configure its behavior as a requestor and/or a provider. “Operations” can be defined and configured in order to perform the requested actions internally. In the other case, when a request should be performed by a remote system, “Invokers” can be defined and configured to forward the request. Inside both the Operations and the Invokers it is possible to define, when required, a data mapping between the communicating systems in order to receive/send formatted data.
For both the provider and the requestor you can define the “Network transport” which is the protocol over which OTRS/EriZone5 will communicate with the remote systems (e.g. another EriZone5 server).

A simple example of a webservice where EriZone5 is acting as a requestor

A simple example of a webservice where EriZone5 is acting as a requestor

Read More

NetEye & EriZone User Group: il programma

Posted by on Sep 25, 2017 in EriZone & OTRS, NetEye | 0 comments

UserGroup

NetEye & EriZone User Group

Sfide e opportunità per l’IT Management 4.0

Connectbay, Mantova, Giovedì 19 ottobre 11:00 – 17:00

Vi aspettiamo il 19 ottobre al NetEye & EriZone User Group. L’evento offrirà un’occasione unica a tutti i nostri clienti per scoprire le ultime novità nell’IT System & Service Management, individuare i requisiti necessari per adeguarsi al GDPR (General Data Protection Regulation) e partecipare attivamente alla definizione della fase evolutiva delle nostre soluzioni.

A chi è rivolto l’evento:

A tutti i clienti e utilizzatori di NetEye e EriZone.

Data e location:

  •  Giovedì, 19 ottobre 2017, ore 11:00 – 17:00
  •  Connectbay, via Rita Castagna 1, Mantova

Il programma:

    •  Ecco il programma [PDF]

 

La partecipazione è gratuita e può essere estesa anche ai vostri colleghi. Per registrarsi è sufficiente inviare una email al seguente indirizzo usergroup@wuerth-phoenix.com.
Read More

Our contribution to the “Digital Business Forum”

Posted by on Sep 22, 2017 in EriZone & OTRS, NetEye | 0 comments

Digital Business Transformation has more than ever a strong impact on enterprise business models, the way we work and on how operational processes are faultlessly supported by high availability IT services. Best practices to leverage these changes and transform them into opportunities was the main topic of the “Digital Business Forum”, held last week in Bolzano.

Experts form Microsoft Austria, the Fraunhofer Institute, the University of Bolzano and Würth Phoenix highlighted practical experiences and gave insights on their mid-term market visions to stimulate a new way of doing business. See here a brief video-summary of the event.

Read More

EriZone – Security Advisory

Posted by on Sep 21, 2017 in EriZone & OTRS, EriZone Security Advisories | 0 comments

A vulnerability has been detected on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS 3.3.x, Erizone 3.x and EriZone 5.x systems.

This vulnerability takes advantage of a hole in agent statistics module and has been classified with a “high” risk.

To guarantee the security of your system, we recommend applying last released patches.

 
For EriZone 5.2:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the packages strictly in the following sequence:

  • EriZoneCore
  • EriZoneServiceDeskEnhancement
  • EriZoneTheme

 

For EriZone 3.6:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade package:

  • EriZoneCore

 

For both systems, after previous procedure use a console to launch following commands:

  • /opt/otrs/scripts/EriZone/erizone.global_makelink
  • /opt/otrs/scripts/EriZone/Permissions.sh
  • /opt/otrs/scripts/EriZone/RestartEriZone.sh

 

Further information regarding this topic can be found on https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/

The update for Erizone 5.2 will also fix two more bugs.

 


 

Technical details:

  • Date: 2017-09-19
  • Title: Code Injection / Privilege Escalation OTRS
  • Severity: High
  • Product: OTRS 3.3.*, EriZone 3.* and EriZone 5.*
  • ID: OSA-2017-04
Read More