Permissions, Privileges, and Access Controls in OTRS - CVE-2010-4763
Published: March 18, 2011 / Updated: August 11, 2020
OTRS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read and manipulate data.
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.