Vulnerability Description
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Otrs | Otrs | >= 3.0.0, < 3.0.20 |
| Otrs | Otrs Itsm | >= 3.0.0, < 3.0.8 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2013-0196.htmlThird Party Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551Issue TrackingThird Party Advisory
- http://advisories.mageia.org/MGASA-2013-0196.htmlThird Party Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551Issue TrackingThird Party Advisory
FAQ
What is CVE-2013-3551?
CVE-2013-3551 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2....
How severe is CVE-2013-3551?
CVE-2013-3551 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3551?
Check the references section above for vendor advisories and patch information. Affected products include: Otrs Otrs, Otrs Otrs Itsm.