SB2011031804 - Permissions, Privileges, and Access Controls in OTRS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2011031804

SB2011031804 - Permissions, Privileges, and Access Controls in OTRS

Published: March 18, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011031804
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2008-7279)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote #AU# to read and manipulate data.

The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.


Remediation

Install update from vendor's website.

References