Vulnerabilites related to otrs - otrs_help_desk
CVE-2013-2625 (GCVE-0-2013-2625)
Vulnerability from cvelistv5
Published
2019-11-27 18:08
Modified
2024-08-06 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T18:08:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2625",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"name": "http://www.securityfocus.com/bid/58936",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/58936"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2625",
"datePublished": "2019-11-27T18:08:35",
"dateReserved": "2013-03-18T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9324 (GCVE-0-2014-9324)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62188"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0031.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"name": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9324",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-27 19:15
Modified
2024-11-21 01:52
Severity ?
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | faq | * | |
| otrs | faq | * | |
| otrs | faq | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_itsm | * | |
| otrs | otrs_itsm | * | |
| otrs | otrs_itsm | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | opensuse | 12.2 | |
| opensuse | opensuse | 12.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE24232-72B7-40BC-BDC9-4889D3C80842",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A51091CA-6321-45F1-9FAA-EB45AF1949BA",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9DC926-6983-499F-964B-5EB88112B522",
"versionEndExcluding": "2.2.3",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1A2A1D-F946-47E6-8183-A971AF6EC301",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37B820B3-72F1-43C3-80B1-D0C18DE1C261",
"versionEndExcluding": "3.1.14",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28F96A54-4D16-4166-B422-E55C2D5C82FD",
"versionEndExcluding": "3.2.4",
"versionStartExcluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D294EC50-C72B-4DF4-A868-4AE6A8FDCFED",
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23D8BE-818F-4F17-93C4-6E35840648AD",
"versionEndExcluding": "3.1.8",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B9FDF3-4FE0-4C4E-80D2-4EE05CA898D6",
"versionEndExcluding": "3.2.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
},
{
"lang": "es",
"value": "Existe un problema de Omisi\u00f3n de Acceso en OTRS Help Desk versiones anteriores a la versi\u00f3n 3.2.4, 3.1.14 y 3.0.19, OTRS ITSM versiones anteriores a la versi\u00f3n 3.2.3, 3.1.8 y 3.0.7, y FAQ versiones anteriores a la versi\u00f3n 2.2.3, 2.1.4, y 2.0.8. Los derechos de acceso por el mecanismo de enlace de objetos no son comprobados."
}
],
"id": "CVE-2013-2625",
"lastModified": "2024-11-21T01:52:03.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-27T19:15:11.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs_help_desk | 3.2.0 | |
| otrs | otrs_help_desk | 3.2.1 | |
| otrs | otrs_help_desk | 3.2.2 | |
| otrs | otrs_help_desk | 3.2.3 | |
| otrs | otrs_help_desk | 3.2.4 | |
| otrs | otrs_help_desk | 3.2.5 | |
| otrs | otrs_help_desk | 3.2.6 | |
| otrs | otrs_help_desk | 3.2.7 | |
| otrs | otrs_help_desk | 3.2.8 | |
| otrs | otrs_help_desk | 3.2.9 | |
| otrs | otrs_help_desk | 3.2.10 | |
| otrs | otrs_help_desk | 3.2.11 | |
| otrs | otrs_help_desk | 3.2.12 | |
| otrs | otrs_help_desk | 3.2.13 | |
| otrs | otrs_help_desk | 3.2.14 | |
| otrs | otrs_help_desk | 3.2.15 | |
| otrs | otrs_help_desk | 3.2.16 | |
| otrs | otrs_help_desk | 3.3.0 | |
| otrs | otrs_help_desk | 3.3.1 | |
| otrs | otrs_help_desk | 3.3.2 | |
| otrs | otrs_help_desk | 3.3.3 | |
| otrs | otrs_help_desk | 3.3.4 | |
| otrs | otrs_help_desk | 3.3.5 | |
| otrs | otrs_help_desk | 3.3.6 | |
| otrs | otrs_help_desk | 3.3.7 | |
| otrs | otrs_help_desk | 3.3.8 | |
| otrs | otrs_help_desk | 3.3.9 | |
| otrs | otrs_help_desk | 3.3.10 | |
| otrs | otrs_help_desk | 4.0.0 | |
| otrs | otrs_help_desk | 4.0.1 | |
| otrs | otrs_help_desk | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85C43618-9317-4559-B2CE-F2A541D6E5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3BC9F0-FE36-44C6-8C5E-69AD0355FCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A987515-9963-404E-A208-7941AE80A111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05216F9E-D1A9-402C-AC9D-A1E863C29C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD7998C-4D93-4E03-95A6-847C50EBFAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB3525-C9D7-4891-8F15-413AAC2E2688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA10EEF-5B03-4D58-A446-6A1D2233B525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1B50A-0C2D-454F-8CD6-9A22082CC227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED2D2A-CFA9-4DE3-BDC7-9FFBB0EAA436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA83D4-DAA9-4A19-8D84-7740A3657630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "233773E3-F47C-4204-896A-74AB64E8DE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8A83BF-29CF-431E-9C3A-D8ADB47ABB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "12327A36-5117-4A7B-BF85-55A07309A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "02114451-004D-4CBE-BA5E-AD88EF07FB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9A62B510-5E06-4F21-82AD-2D05A3991AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E7638E-5E9C-4604-9111-E22A889CBCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF4C611-5A51-4E18-9D1A-25E2AEAE0A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "789DDC2E-584D-4582-B9CA-FBC6E3CE3CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69C34B87-C8AE-4E36-8E42-B2FF0B874887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC01E70-A568-4A16-9E42-48D648F44FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703E7AB0-6B55-4BE0-A31C-75EB81B9DA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5AA450-91CA-412C-A68A-A9AF84E88649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "67458A64-244F-45CC-A4F8-077A5272291E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6F18DA1F-2C74-4079-9BEE-25725B586D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99406C47-11AF-47D5-8D3F-A6E9C266FA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1888D69D-B68E-4120-A42C-75B53734F308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F6CFF-CC4E-4551-A879-4EB3AAE629F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA0B533-06A1-45E8-AAF3-BDD11BF251B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43DFED6B-B905-4D20-AC7B-EDD058988A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5364466B-2C01-4F7A-9CB8-21F80F80A756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30D84E9A-D176-4D5B-A48F-95D9540ED77D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
},
{
"lang": "es",
"value": "GenericInterface en OTRS Help Desk 3.2.x anterior a 3.2.17, 3.3.x anterior a 3.3.11 y 4.0.x anterior a 4.0.3 permiten a usuarios remotos autenticados acceder y modificar tickets arbitrarios a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2014-9324",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:18.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59875"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62188"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62662"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}