CVE-2013-3551
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
El archivo Kernel/Modules/AgentTicketPhone.pm en Open Ticket Request System (OTRS) versiones 3.0.x anteriores a 3.0.20, versiones 3.1.x anteriores a 3.1.16, y versiones 3.2.x anteriores a 3.2.7, y OTRS ITSM versiones 3.0.x anteriores a 3.0.8, versiones 3.1.x anteriores a 3.1.9, y versiones 3.2.x anteriores a 3.2.5, no restringe apropiadamente los tickets, lo cual permite a atacantes remotos con un inicio de sesión de agente válido, leer tickets restringidos por medio de una URL diseñada que implica el mecanismo de división de tickets.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-05-16 CVE Reserved
- 2013-05-29 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 3.0.0 < 3.0.20 Search vendor "Otrs" for product "Otrs" and version " >= 3.0.0 < 3.0.20" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 3.1.0 < 3.1.16 Search vendor "Otrs" for product "Otrs" and version " >= 3.1.0 < 3.1.16" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 3.2.0 < 3.2.7 Search vendor "Otrs" for product "Otrs" and version " >= 3.2.0 < 3.2.7" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Itsm Search vendor "Otrs" for product "Otrs Itsm" | >= 3.0.0 < 3.0.8 Search vendor "Otrs" for product "Otrs Itsm" and version " >= 3.0.0 < 3.0.8" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Itsm Search vendor "Otrs" for product "Otrs Itsm" | >= 3.1.0 < 3.1.9 Search vendor "Otrs" for product "Otrs Itsm" and version " >= 3.1.0 < 3.1.9" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Itsm Search vendor "Otrs" for product "Otrs Itsm" | >= 3.2.0 < 3.2.5 Search vendor "Otrs" for product "Otrs Itsm" and version " >= 3.2.0 < 3.2.5" | - |
Affected
|