This vulnerability is fixed in OTRS 2.4.14, 3.0.16 and 3.1.10 and it is recommended to upgrade to one of these versions.
Fixed OTRS releases can be found at: http://www.otrs.com/open-source/community-news/releases-notes/
As a workaround it is also possible to replace the following files with a fixed version.
They are also available on http://source.otrs.org/viewvc.cgi/otrs/.
pub 2048R/9C227C6B 2011-03-21 [expires at: 2014-03-20]