È stata scoperta una vulnerabilità nell’interfaccia agente dei sistemi EriZone – OTRS che coinvolge tutti i sistemi OTRS 3.3.*, Erizone 3.x ed Erizone 5.x.
Tale vulnerabilità sfrutta una falla nel sistema di statistiche lato agente e gli è stata assegnata una criticità di livello alto.
Al fine di garantire la sicurezza del sistema è consigliabile applicare le ultime patch rilasciate.
Per EriZone 5.2:
Via Admin >> Package Manager
Cliccare su “Update repository information” ed aggiornare i pacchetti in questo esatto ordine:
EriZoneCore
EriZoneServiceDeskEnhancement
EriZoneTheme
Per EriZone 3.6:
Via Admin >> Package Manager
Cliccare su “Update repository information” ed aggiornare il pacchetto:
EriZoneCore
Per entrambi i sistemi, collegarsi poi in SSH sulla macchina ed eseguire I seguenti comandi:
Synopsis Critical: NeDi security update Type/Severity Security Advisory: Critical Topic An update for NeDi is now available for NetEye. NetEye Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base Read More
Synopsis Critical: Icinga Web 2 security update Type/Severity Security Advisory: Critical Topic An update for Icinga Web 2 is now available for NetEye 4.12 and 4.13. NetEye Product Security has rated this update as having a security impact of Critical. Read More
A vulnerability has been detected on the Nagios web interface. Attackers may exploit this vulnerability to gain access to sensitive information or crash the affected application, denying service to legitimate users. To guarantee the security of your system, we recommend Read More
A vulnerability has been detected on EriZone - OTRS systems. This vulnerability is classified with a severity of 7.2 (high). Further information regarding this topic can be found at https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/ To guarantee the security of your system, we recommend applying last Read More
A vulnerability has been detected on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS 3.3.x, Erizone 3.x and EriZone 5.x systems. This vulnerability takes advantage of a Code injection in Kernel/System/Spelling.pm and Read More