Vulnerabilites related to otrs - otrs_help_desk
CVE-2013-2625 (GCVE-0-2013-2625)
Vulnerability from cvelistv5
Published
2019-11-27 18:08
Modified
2024-08-06 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2013-2625 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/58936 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83287 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T18:08:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2625",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"name": "http://www.securityfocus.com/bid/58936",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/58936"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2625",
"datePublished": "2019-11-27T18:08:35",
"dateReserved": "2013-03-18T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9324 (GCVE-0-2014-9324)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62188 | third-party-advisory, x_refsource_SECUNIA | |
| http://advisories.mageia.org/MGASA-2015-0031.html | x_refsource_CONFIRM | |
| https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59875 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/62662 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:043 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62188"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0031.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"name": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9324",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-27 19:15
Modified
2024-11-21 01:52
Severity ?
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | faq | * | |
| otrs | faq | * | |
| otrs | faq | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_itsm | * | |
| otrs | otrs_itsm | * | |
| otrs | otrs_itsm | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | opensuse | 12.2 | |
| opensuse | opensuse | 12.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE24232-72B7-40BC-BDC9-4889D3C80842",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A51091CA-6321-45F1-9FAA-EB45AF1949BA",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9DC926-6983-499F-964B-5EB88112B522",
"versionEndExcluding": "2.2.3",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1A2A1D-F946-47E6-8183-A971AF6EC301",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37B820B3-72F1-43C3-80B1-D0C18DE1C261",
"versionEndExcluding": "3.1.14",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28F96A54-4D16-4166-B422-E55C2D5C82FD",
"versionEndExcluding": "3.2.4",
"versionStartExcluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D294EC50-C72B-4DF4-A868-4AE6A8FDCFED",
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23D8BE-818F-4F17-93C4-6E35840648AD",
"versionEndExcluding": "3.1.8",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B9FDF3-4FE0-4C4E-80D2-4EE05CA898D6",
"versionEndExcluding": "3.2.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
},
{
"lang": "es",
"value": "Existe un problema de Omisi\u00f3n de Acceso en OTRS Help Desk versiones anteriores a la versi\u00f3n 3.2.4, 3.1.14 y 3.0.19, OTRS ITSM versiones anteriores a la versi\u00f3n 3.2.3, 3.1.8 y 3.0.7, y FAQ versiones anteriores a la versi\u00f3n 2.2.3, 2.1.4, y 2.0.8. Los derechos de acceso por el mecanismo de enlace de objetos no son comprobados."
}
],
"id": "CVE-2013-2625",
"lastModified": "2024-11-21T01:52:03.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-27T19:15:11.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs_help_desk | 3.2.0 | |
| otrs | otrs_help_desk | 3.2.1 | |
| otrs | otrs_help_desk | 3.2.2 | |
| otrs | otrs_help_desk | 3.2.3 | |
| otrs | otrs_help_desk | 3.2.4 | |
| otrs | otrs_help_desk | 3.2.5 | |
| otrs | otrs_help_desk | 3.2.6 | |
| otrs | otrs_help_desk | 3.2.7 | |
| otrs | otrs_help_desk | 3.2.8 | |
| otrs | otrs_help_desk | 3.2.9 | |
| otrs | otrs_help_desk | 3.2.10 | |
| otrs | otrs_help_desk | 3.2.11 | |
| otrs | otrs_help_desk | 3.2.12 | |
| otrs | otrs_help_desk | 3.2.13 | |
| otrs | otrs_help_desk | 3.2.14 | |
| otrs | otrs_help_desk | 3.2.15 | |
| otrs | otrs_help_desk | 3.2.16 | |
| otrs | otrs_help_desk | 3.3.0 | |
| otrs | otrs_help_desk | 3.3.1 | |
| otrs | otrs_help_desk | 3.3.2 | |
| otrs | otrs_help_desk | 3.3.3 | |
| otrs | otrs_help_desk | 3.3.4 | |
| otrs | otrs_help_desk | 3.3.5 | |
| otrs | otrs_help_desk | 3.3.6 | |
| otrs | otrs_help_desk | 3.3.7 | |
| otrs | otrs_help_desk | 3.3.8 | |
| otrs | otrs_help_desk | 3.3.9 | |
| otrs | otrs_help_desk | 3.3.10 | |
| otrs | otrs_help_desk | 4.0.0 | |
| otrs | otrs_help_desk | 4.0.1 | |
| otrs | otrs_help_desk | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85C43618-9317-4559-B2CE-F2A541D6E5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3BC9F0-FE36-44C6-8C5E-69AD0355FCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A987515-9963-404E-A208-7941AE80A111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05216F9E-D1A9-402C-AC9D-A1E863C29C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD7998C-4D93-4E03-95A6-847C50EBFAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB3525-C9D7-4891-8F15-413AAC2E2688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA10EEF-5B03-4D58-A446-6A1D2233B525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1B50A-0C2D-454F-8CD6-9A22082CC227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED2D2A-CFA9-4DE3-BDC7-9FFBB0EAA436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA83D4-DAA9-4A19-8D84-7740A3657630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "233773E3-F47C-4204-896A-74AB64E8DE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8A83BF-29CF-431E-9C3A-D8ADB47ABB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "12327A36-5117-4A7B-BF85-55A07309A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "02114451-004D-4CBE-BA5E-AD88EF07FB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9A62B510-5E06-4F21-82AD-2D05A3991AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E7638E-5E9C-4604-9111-E22A889CBCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF4C611-5A51-4E18-9D1A-25E2AEAE0A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "789DDC2E-584D-4582-B9CA-FBC6E3CE3CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69C34B87-C8AE-4E36-8E42-B2FF0B874887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC01E70-A568-4A16-9E42-48D648F44FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703E7AB0-6B55-4BE0-A31C-75EB81B9DA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5AA450-91CA-412C-A68A-A9AF84E88649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "67458A64-244F-45CC-A4F8-077A5272291E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6F18DA1F-2C74-4079-9BEE-25725B586D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99406C47-11AF-47D5-8D3F-A6E9C266FA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1888D69D-B68E-4120-A42C-75B53734F308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F6CFF-CC4E-4551-A879-4EB3AAE629F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA0B533-06A1-45E8-AAF3-BDD11BF251B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43DFED6B-B905-4D20-AC7B-EDD058988A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5364466B-2C01-4F7A-9CB8-21F80F80A756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30D84E9A-D176-4D5B-A48F-95D9540ED77D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
},
{
"lang": "es",
"value": "GenericInterface en OTRS Help Desk 3.2.x anterior a 3.2.17, 3.3.x anterior a 3.3.11 y 4.0.x anterior a 4.0.3 permiten a usuarios remotos autenticados acceder y modificar tickets arbitrarios a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2014-9324",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:18.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59875"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62188"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62662"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}