SB2011031804 - Permissions, Privileges, and Access Controls in OTRS
Published: March 18, 2011 Updated: August 11, 2020
Security Bulletin ID
SB2011031804
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2008-7279)
The vulnerability allows a remote #AU# to read and manipulate data.
The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.
Remediation
Install update from vendor's website.