关键信息概要 Package: otrs2 Version: 3.3.18-1+deb8u10 CVE IDs: CVE-2019-12248, CVE-2019-12497 Vulnerabilities: - CVE-2019-12248: An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. - CVE-2019-12497: In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. Fixed in Debian 8 "Jessie": Version 3.3.18-1+deb8u10. ``` 详细信息 Package: otrs2 Version: 3.3.18-1+deb8u10 CVE IDs: CVE-2019-12248, CVE-2019-12497 Vulnerabilities: - CVE-2019-12248: An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. - CVE-2019-12497: In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. Fixed in Debian 8 "Jessie": Version 3.3.18-1+deb8u10.