Lucene search
HistoryMar 18, 2011 - 4:55 p.m.
CVE-2010-4763
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
57.7%
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
Affected configurations
Node
otrsotrsRange≤2.4.10
ORotrsotrsMatch0.5beta1
ORotrsotrsMatch0.5beta2
ORotrsotrsMatch0.5beta3
ORotrsotrsMatch0.5beta4
ORotrsotrsMatch0.5beta5
ORotrsotrsMatch0.5beta6
ORotrsotrsMatch0.5beta7
ORotrsotrsMatch0.5beta8
ORotrsotrsMatch1.0rc1
ORotrsotrsMatch1.0rc2
ORotrsotrsMatch1.0rc3
ORotrsotrsMatch1.0.0
ORotrsotrsMatch1.0.1
ORotrsotrsMatch1.0.2
ORotrsotrsMatch1.1rc1
ORotrsotrsMatch1.1.0rc1
ORotrsotrsMatch1.1.0rc2
ORotrsotrsMatch1.1.1
ORotrsotrsMatch1.1.2
ORotrsotrsMatch1.1.3
ORotrsotrsMatch1.1.4
ORotrsotrsMatch1.2.0beta1
ORotrsotrsMatch1.2.0beta2
ORotrsotrsMatch1.2.0beta3
ORotrsotrsMatch1.2.1
ORotrsotrsMatch1.2.2
ORotrsotrsMatch1.2.3
ORotrsotrsMatch1.2.4
ORotrsotrsMatch1.3.0beta1
ORotrsotrsMatch1.3.0beta2
ORotrsotrsMatch1.3.0beta3
ORotrsotrsMatch1.3.0beta4
ORotrsotrsMatch1.3.1
ORotrsotrsMatch1.3.2
ORotrsotrsMatch1.3.3
ORotrsotrsMatch2.0.0
ORotrsotrsMatch2.0.0beta1
ORotrsotrsMatch2.0.0beta2
ORotrsotrsMatch2.0.0beta4
ORotrsotrsMatch2.0.0beta5
ORotrsotrsMatch2.0.0beta6
ORotrsotrsMatch2.0.1
ORotrsotrsMatch2.0.2
ORotrsotrsMatch2.0.3
ORotrsotrsMatch2.0.4
ORotrsotrsMatch2.0.5
ORotrsotrsMatch2.1.0beta1
ORotrsotrsMatch2.1.0beta2
ORotrsotrsMatch2.1.1
ORotrsotrsMatch2.1.2
ORotrsotrsMatch2.1.3
ORotrsotrsMatch2.1.4
ORotrsotrsMatch2.1.5
ORotrsotrsMatch2.1.6
ORotrsotrsMatch2.1.7
ORotrsotrsMatch2.1.8
ORotrsotrsMatch2.1.9
ORotrsotrsMatch2.2.0beta1
ORotrsotrsMatch2.2.0beta2
ORotrsotrsMatch2.2.0beta3
ORotrsotrsMatch2.2.0beta4
ORotrsotrsMatch2.2.0rc1
ORotrsotrsMatch2.2.1
ORotrsotrsMatch2.2.2
ORotrsotrsMatch2.2.3
ORotrsotrsMatch2.2.4
ORotrsotrsMatch2.2.5
ORotrsotrsMatch2.2.6
ORotrsotrsMatch2.2.7
ORotrsotrsMatch2.2.8
ORotrsotrsMatch2.2.9
ORotrsotrsMatch2.3.0beta1
ORotrsotrsMatch2.3.0beta2
ORotrsotrsMatch2.3.0beta3
ORotrsotrsMatch2.3.0beta4
ORotrsotrsMatch2.3.0rc1
ORotrsotrsMatch2.3.1
ORotrsotrsMatch2.3.2
ORotrsotrsMatch2.3.3
ORotrsotrsMatch2.3.4
ORotrsotrsMatch2.3.5
ORotrsotrsMatch2.3.6
ORotrsotrsMatch2.4.0beta1
ORotrsotrsMatch2.4.0beta2
ORotrsotrsMatch2.4.0beta3
ORotrsotrsMatch2.4.0beta4
ORotrsotrsMatch2.4.0beta5
ORotrsotrsMatch2.4.0beta6
ORotrsotrsMatch2.4.1
ORotrsotrsMatch2.4.2
ORotrsotrsMatch2.4.3
ORotrsotrsMatch2.4.4
ORotrsotrsMatch2.4.5
ORotrsotrsMatch2.4.6
ORotrsotrsMatch2.4.7
ORotrsotrsMatch2.4.8
ORotrsotrsMatch2.4.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| otrs | otrs | * | cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:* |
| otrs | otrs | 0.5 | cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:* |
| otrs | otrs | 1.0 | cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2011-03-18 16:55:00
debiancve
debiancve
CVE-2010-4763
2011-03-18 16:55:01
cvelist
cvelist
CVE-2010-4763
2011-03-18 16:00:00
cve
cve
CVE-2010-4763
2011-03-18 16:55:01
ubuntucve
ubuntucve
CVE-2010-4763
2011-03-18 00:00:00
openvas
openvas
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
57.7%
Related for NVD:CVE-2010-4763