Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9324

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2014-9324
Last Modified 25 Mar 2015 10:00:27
Published 19 Dec 2014 10:59:18
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-9324

Summary

The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.

Vulnerable Systems

Application

  • Otrs Help Desk 3.2.0

  • Otrs Help Desk 3.2.1

  • Otrs Help Desk 3.2.10

  • Otrs Help Desk 3.2.11

  • Otrs Help Desk 3.2.12

  • Otrs Help Desk 3.2.13

  • Otrs Help Desk 3.2.14

  • Otrs Help Desk 3.2.15

  • Otrs Help Desk 3.2.16

  • Otrs Help Desk 3.2.2

  • Otrs Help Desk 3.2.3

  • Otrs Help Desk 3.2.4

  • Otrs Help Desk 3.2.5

  • Otrs Help Desk 3.2.6

  • Otrs Help Desk 3.2.7

  • Otrs Help Desk 3.2.8

  • Otrs Help Desk 3.2.9

  • Otrs Help Desk 3.3.0

  • Otrs Help Desk 3.3.1

  • Otrs Help Desk 3.3.10

  • Otrs Help Desk 3.3.2

  • Otrs Help Desk 3.3.3

  • Otrs Help Desk 3.3.4

  • Otrs Help Desk 3.3.5

  • Otrs Help Desk 3.3.6

  • Otrs Help Desk 3.3.7

  • Otrs Help Desk 3.3.8

  • Otrs Help Desk 3.3.9

  • Otrs Help Desk 4.0.0

  • Otrs Help Desk 4.0.1

  • Otrs Help Desk 4.0.2


References

CONFIRM - https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/

SECUNIA - 59875

SECUNIA - 62662

MANDRIVA - MDVSA-2015:043

CONFIRM - http://advisories.mageia.org/MGASA-2015-0031.html


Last Updated: 27 May 2016 11:07:20