Summary
This host is installed with OTRS (Open Ticket Request System) and is prone to restriction bypass vulnerability.
Impact
Successful exploitation will allow authenticated attackers to bypass intended access restrictions by merging two tickets.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 2.3.0-beta4 or later, For updates refer to http://www.otrs.com/en/
Insight
A flaw exists in AgentTicketMerge.pm which checks for the rw permission, instead of the configured merge permission
Affected
OTRS (Open Ticket Request System) version before 2.3.0-beta4
Detection
Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-7277 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Ampache Reflected Cross Site Scripting Vulnerability