Search criteria
6 vulnerabilities found for otrs_help_desk by otrs
FKIE_CVE-2013-2625
Vulnerability from fkie_nvd - Published: 2019-11-27 19:15 - Updated: 2024-11-21 01:52
Severity ?
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | faq | * | |
| otrs | faq | * | |
| otrs | faq | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_help_desk | * | |
| otrs | otrs_itsm | * | |
| otrs | otrs_itsm | * | |
| otrs | otrs_itsm | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | opensuse | 12.2 | |
| opensuse | opensuse | 12.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE24232-72B7-40BC-BDC9-4889D3C80842",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A51091CA-6321-45F1-9FAA-EB45AF1949BA",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9DC926-6983-499F-964B-5EB88112B522",
"versionEndExcluding": "2.2.3",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1A2A1D-F946-47E6-8183-A971AF6EC301",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37B820B3-72F1-43C3-80B1-D0C18DE1C261",
"versionEndExcluding": "3.1.14",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28F96A54-4D16-4166-B422-E55C2D5C82FD",
"versionEndExcluding": "3.2.4",
"versionStartExcluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D294EC50-C72B-4DF4-A868-4AE6A8FDCFED",
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23D8BE-818F-4F17-93C4-6E35840648AD",
"versionEndExcluding": "3.1.8",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B9FDF3-4FE0-4C4E-80D2-4EE05CA898D6",
"versionEndExcluding": "3.2.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
},
{
"lang": "es",
"value": "Existe un problema de Omisi\u00f3n de Acceso en OTRS Help Desk versiones anteriores a la versi\u00f3n 3.2.4, 3.1.14 y 3.0.19, OTRS ITSM versiones anteriores a la versi\u00f3n 3.2.3, 3.1.8 y 3.0.7, y FAQ versiones anteriores a la versi\u00f3n 2.2.3, 2.1.4, y 2.0.8. Los derechos de acceso por el mecanismo de enlace de objetos no son comprobados."
}
],
"id": "CVE-2013-2625",
"lastModified": "2024-11-21T01:52:03.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-27T19:15:11.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9324
Vulnerability from fkie_nvd - Published: 2014-12-19 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| otrs | otrs_help_desk | 3.2.0 | |
| otrs | otrs_help_desk | 3.2.1 | |
| otrs | otrs_help_desk | 3.2.2 | |
| otrs | otrs_help_desk | 3.2.3 | |
| otrs | otrs_help_desk | 3.2.4 | |
| otrs | otrs_help_desk | 3.2.5 | |
| otrs | otrs_help_desk | 3.2.6 | |
| otrs | otrs_help_desk | 3.2.7 | |
| otrs | otrs_help_desk | 3.2.8 | |
| otrs | otrs_help_desk | 3.2.9 | |
| otrs | otrs_help_desk | 3.2.10 | |
| otrs | otrs_help_desk | 3.2.11 | |
| otrs | otrs_help_desk | 3.2.12 | |
| otrs | otrs_help_desk | 3.2.13 | |
| otrs | otrs_help_desk | 3.2.14 | |
| otrs | otrs_help_desk | 3.2.15 | |
| otrs | otrs_help_desk | 3.2.16 | |
| otrs | otrs_help_desk | 3.3.0 | |
| otrs | otrs_help_desk | 3.3.1 | |
| otrs | otrs_help_desk | 3.3.2 | |
| otrs | otrs_help_desk | 3.3.3 | |
| otrs | otrs_help_desk | 3.3.4 | |
| otrs | otrs_help_desk | 3.3.5 | |
| otrs | otrs_help_desk | 3.3.6 | |
| otrs | otrs_help_desk | 3.3.7 | |
| otrs | otrs_help_desk | 3.3.8 | |
| otrs | otrs_help_desk | 3.3.9 | |
| otrs | otrs_help_desk | 3.3.10 | |
| otrs | otrs_help_desk | 4.0.0 | |
| otrs | otrs_help_desk | 4.0.1 | |
| otrs | otrs_help_desk | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85C43618-9317-4559-B2CE-F2A541D6E5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3BC9F0-FE36-44C6-8C5E-69AD0355FCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A987515-9963-404E-A208-7941AE80A111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05216F9E-D1A9-402C-AC9D-A1E863C29C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD7998C-4D93-4E03-95A6-847C50EBFAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB3525-C9D7-4891-8F15-413AAC2E2688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA10EEF-5B03-4D58-A446-6A1D2233B525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1B50A-0C2D-454F-8CD6-9A22082CC227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED2D2A-CFA9-4DE3-BDC7-9FFBB0EAA436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA83D4-DAA9-4A19-8D84-7740A3657630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "233773E3-F47C-4204-896A-74AB64E8DE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8A83BF-29CF-431E-9C3A-D8ADB47ABB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "12327A36-5117-4A7B-BF85-55A07309A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "02114451-004D-4CBE-BA5E-AD88EF07FB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9A62B510-5E06-4F21-82AD-2D05A3991AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E7638E-5E9C-4604-9111-E22A889CBCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF4C611-5A51-4E18-9D1A-25E2AEAE0A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "789DDC2E-584D-4582-B9CA-FBC6E3CE3CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69C34B87-C8AE-4E36-8E42-B2FF0B874887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC01E70-A568-4A16-9E42-48D648F44FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703E7AB0-6B55-4BE0-A31C-75EB81B9DA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5AA450-91CA-412C-A68A-A9AF84E88649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "67458A64-244F-45CC-A4F8-077A5272291E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6F18DA1F-2C74-4079-9BEE-25725B586D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99406C47-11AF-47D5-8D3F-A6E9C266FA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1888D69D-B68E-4120-A42C-75B53734F308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F6CFF-CC4E-4551-A879-4EB3AAE629F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA0B533-06A1-45E8-AAF3-BDD11BF251B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43DFED6B-B905-4D20-AC7B-EDD058988A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5364466B-2C01-4F7A-9CB8-21F80F80A756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30D84E9A-D176-4D5B-A48F-95D9540ED77D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
},
{
"lang": "es",
"value": "GenericInterface en OTRS Help Desk 3.2.x anterior a 3.2.17, 3.3.x anterior a 3.3.11 y 4.0.x anterior a 4.0.3 permiten a usuarios remotos autenticados acceder y modificar tickets arbitrarios a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2014-9324",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:18.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59875"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62188"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62662"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-2625 (GCVE-0-2013-2625)
Vulnerability from cvelistv5 – Published: 2019-11-27 18:08 – Updated: 2024-08-06 15:44
VLAI?
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T18:08:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2625",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"name": "http://www.securityfocus.com/bid/58936",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/58936"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2625",
"datePublished": "2019-11-27T18:08:35",
"dateReserved": "2013-03-18T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9324 (GCVE-0-2014-9324)
Vulnerability from cvelistv5 – Published: 2014-12-19 15:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62188"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0031.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"name": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9324",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2625 (GCVE-0-2013-2625)
Vulnerability from nvd – Published: 2019-11-27 18:08 – Updated: 2024-08-06 15:44
VLAI?
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T18:08:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/58936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2625",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"name": "http://www.securityfocus.com/bid/58936",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/58936"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2625",
"datePublished": "2019-11-27T18:08:35",
"dateReserved": "2013-03-18T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9324 (GCVE-0-2014-9324)
Vulnerability from nvd – Published: 2014-12-19 15:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62188"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0031.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0031.html"
},
{
"name": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"
},
{
"name": "59875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59875"
},
{
"name": "62662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62662"
},
{
"name": "MDVSA-2015:043",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9324",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}