CVE-2013-3551
Summary
| CVE | CVE-2013-3551 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-21 16:15:00 UTC |
| Updated | 2020-02-26 19:34:00 UTC |
| Description | Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mageia Advisory: MGASA-2013-0196 - Updated otrs package fixes security vulnerabilities | MISC | advisories.mageia.org | Third Party Advisory |
| 471096 – (CVE-2013-3551) <www-apps/otrs-3.2.7: Ticket Split Mechanism Vulnerability (CVE-2013-3551) | MISC | bugs.gentoo.org | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.