Multiple OTRS Products CVE-2013-2625 Access Bypass Vulnerability
| Bugtraq ID: | 58936 |
| Class: | Access Validation Error |
| CVE: | CVE-2013-2625 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2013 12:00AM |
| Updated: | Aug 14 2013 04:06PM |
| Credit: | André Luerssen |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Multiple OTRS products are prone to an access-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
The following OTRS products are vulnerable:
OTRS Help Desk versions prior to 3.2.4, 3.1.14, and 3.0.19
OTRS ITSM versions prior to 3.2.3, 3.1.8, and 3.0.7
FAQ versions prior to 2.2.3, 2.1.4, and 2.0.8.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.