3 matches found
CVE-2009-5055
Open Ticket Request System OTRS before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the...
CVE-2009-5055
Open Ticket Request System OTRS before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the...
CVE-2009-5055
Open Ticket Request System (OTRS) prior to 2.4.4 has a transport-layer access-control flaw: ticket access is granted based on single-digit substrings of the CustomerID, enabling remote authenticated users to bypass restrictions and read tickets intended for other CustomerIDs (e.g., CustomerID 12 ...