Debian Security Bug Tracker: DEBIANCVE:CVE-2010-4763
History: Mar 18, 2011 - 4:55 p.m.

CVE-2010-4763

2011-03-18 16:55:01
Debian Security Bug Tracker
security-tracker.debian.org
otrs
acl-customer-status
bypass restrictions
ajax reload

CVSS2: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.002
Percentile: 57.7%

The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | otrs2 | < 3.0.8+dfsg1-1 | otrs2_3.0.8+dfsg1-1_all.deb |
