What is CVE-2022-32739?

CVE-2022-32739 is a vulnerability in OTRS Calendar Resource Planning and OTRS that allows the release number to be exposed in the ICS file when the Secure::DisableBanner system configuration is disabled and an agent shares their calendar via a public URL.

How severe is CVE-2022-32739?

CVE-2022-32739 has a severity rating of 5.3, which is considered medium.

Which software is affected by CVE-2022-32739?

CVE-2022-32739 affects OTRS Calendar Resource Planning versions 7.0.0 through 7.0.31 and versions 8.0.0 through 8.0.23, as well as OTRS versions 7.0.0 through 7.0.35 and versions 8.0.0 through 8.0.23.

What is the Common Weakness Enumeration (CWE) ID for CVE-2022-32739?

The Common Weakness Enumeration (CWE) ID for CVE-2022-32739 is 200.

How can I fix CVE-2022-32739?

To fix CVE-2022-32739, it is recommended to update OTRS Calendar Resource Planning and OTRS to the latest versions available.

Vulnerability/
CVE-2022-32739

medium

5.3

CWE

200

13/6/2022

3/8/2024

CVE-2022-32739: OTRS version number is always in the exported ICS files

First published: Mon Jun 13 2022(Updated: )

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.

Credit: security@otrs.com

Affected Software	Affected Version	How to fix
Otrs Calendar Resource Planning	>=7.0.0<7.0.31
Otrs Calendar Resource Planning	>=8.0.0<8.0.23
Otrs Otrs	>=7.0.0<7.0.35
Otrs Otrs	>=8.0.0<8.0.23

Remedy

Update to OTRS 8.0.23 or OTRS 7.0.35. Update to OTRSCalendarResourcePlanning 8.0.23 or OTRSCalendarResourcePlanning 7.0.31.

Never miss a vulnerability like this again

Reference Links

https://otrs.com/release-notes/otrs-security-advisory-2022-07/

Frequently Asked Questions

What is CVE-2022-32739?
CVE-2022-32739 is a vulnerability in OTRS Calendar Resource Planning and OTRS that allows the release number to be exposed in the ICS file when the Secure::DisableBanner system configuration is disabled and an agent shares their calendar via a public URL.
How severe is CVE-2022-32739?
CVE-2022-32739 has a severity rating of 5.3, which is considered medium.
Which software is affected by CVE-2022-32739?
CVE-2022-32739 affects OTRS Calendar Resource Planning versions 7.0.0 through 7.0.31 and versions 8.0.0 through 8.0.23, as well as OTRS versions 7.0.0 through 7.0.35 and versions 8.0.0 through 8.0.23.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-32739?
The Common Weakness Enumeration (CWE) ID for CVE-2022-32739 is 200.
How can I fix CVE-2022-32739?
To fix CVE-2022-32739, it is recommended to update OTRS Calendar Resource Planning and OTRS to the latest versions available.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/references
agent/remedy
agent/title
agent/last-modified-date
agent/event
agent/tags
agent/description
agent/first-publish-date
vendor/otrs
canonical/otrs calendar resource planning
version/otrs calendar resource planning/7.0.0
version/otrs calendar resource planning/8.0.0
canonical/otrs otrs
version/otrs otrs/7.0.0
version/otrs otrs/8.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.