CVE-2013-2625
Summary
| CVE | CVE-2013-2625 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-27 19:15:00 UTC |
| Updated | 2020-08-18 15:05:00 UTC |
| Description | An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Application | Otrs | Faq | All | All | All | All |
| Application | Otrs | Faq | All | All | All | All |
| Application | Otrs | Otrs Help Desk | All | All | All | All |
| Application | Otrs | Otrs Help Desk | All | All | All | All |
| Application | Otrs | Otrs Itsm | All | All | All | All |
| Application | Otrs | Otrs Itsm | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| openSUSE-SU-2013:1338-1: moderate: otrs: 3.1.18 update to fix security i | MISC | lists.opensuse.org | Release Notes, Third Party Advisory |
| IBM X-Force Exchange | MISC | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Multiple OTRS Products CVE-2013-2625 Access Bypass Vulnerability | MISC | www.securityfocus.com | Third Party Advisory, VDB Entry |
| archives.neohapsis.com/archives/bugtraq/2013-08/0009.html | MISC | archives.neohapsis.com | Broken Link, Third Party Advisory |
| CVE-2013-2625 | MISC | security-tracker.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.