CVE-2023-5422

Summary

CVE-2023-5422 is a vulnerability affecting OTRS versions 7.0.X before 7.0.47, 8.0.X before 8.0.37, and the Community Edition from 6.0.X through 6.0.34. The issue lies in the email communication functions that use OpenSSL for SSL or TLS communication. Since SSL_get_verify_result() is not employed, certificates are always trusted, making it impossible to ensure their adherence to necessary security requirements. Consequently, an attacker could use an invalid certificate to impersonate a trusted host, employ expired certificates, or carry out other attacks that would be detected if proper certificate validation occurred.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.