Main Vulnerability Database Vulnerabilities #VU45200

Permissions, Privileges, and Access Controls in OTRS - CVE-2008-7279

Published: March 18, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45200

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2008-7279

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: otrs.org

Affected software:
OTRS

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.

How to mitigate CVE-2008-7279

Install update from vendor's website.

Sources

http://bugs.otrs.org/show_bug.cgi?id=3103
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807

Permissions, Privileges, and Access Controls in OTRS - CVE-2008-7279

Detailed vulnerability description

How to mitigate CVE-2008-7279

Sources

Please verify you're human