OTRS Queue Access Restriction Bypass Vulnerability Network Vulnerability

Summary

This host is installed with OTRS (Open Ticket Request System) and is prone to restriction bypass vulnerability.

Impact

Successful exploitation will allow remote authenticated users to bypass intended queue access restrictions by visiting a ticket. Impact Level: Application

Solution

Upgrade to OTRS (Open Ticket Request System) version 2.3.5 or later, For updates refer to http://www.otrs.com/en/

Insight

An error exists in the application which fails to disable hidden permissions.

Affected

OTRS (Open Ticket Request System) version before 2.3.5

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/74103

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4768

CVSS	Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Directory Listing and File disclosure
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Afian 'includer.php' Directory Traversal Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability

Take action and discover your vulnerabilities