CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
Link Resource
http://advisories.mageia.org/MGASA-2013-0196.html Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551 Issue Tracking Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*

Information

Published : 2020-02-21 08:15

Updated : 2020-02-26 11:34


NVD link : CVE-2013-3551

Mitre link : CVE-2013-3551


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

otrs

  • otrs_itsm
  • otrs