Vulnerability Description
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Otrs | Otrs | >= 3.0.0, < 3.0.21 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2013-0196.html (Third Party Advisory)
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html (Broken Link)
- https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088 (Issue Tracking, Third Party Advisory)
- https://www.securityfocus.com/bid/60688/discuss (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2013-4088?
CVE-2013-4088 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attac...
How severe is CVE-2013-4088?
CVE-2013-4088 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4088?
Check the references section above for vendor advisories and patch information. Affected products include: Otrs Otrs.