Summary
This host is installed with OTRS (Open Ticket Request System) and is prone to restriction bypass vulnerability.
Impact
Successful exploitation will allow authenticated attackers to bypass intended access restrictions by merging two tickets.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 2.3.0-beta4 or later, For updates refer to http://www.otrs.com/en/
Insight
A flaw exists in AgentTicketMerge.pm which checks for the rw permission, instead of the configured merge permission
Affected
OTRS (Open Ticket Request System) version before 2.3.0-beta4
Detection
Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-7277 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability
- Afian 'includer.php' Directory Traversal Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities