4 matches found
CVE-2010-4763
The ACL-customer-status Ticket Type setting in Open Ticket Request System OTRS before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the 1 Status, 2 Service, and 3 Queue via selections...
CVE-2010-4763
The ACL-customer-status Ticket Type setting in Open Ticket Request System OTRS before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the 1 Status, 2 Service, and 3 Queue via selections...
CVE-2010-4763
The ACL-customer-status Ticket Type setting in Open Ticket Request System OTRS before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the 1 Status, 2 Service, and 3 Queue via selections...
CVE-2010-4763
OTRS before 3.0.0-beta1 is affected by CVE-2010-4763. The ACL-customer-status Ticket Type setting does not restrict options after an AJAX reload, allowing remote authenticated users to bypass ACLs for Status, Service, and Queue via selections. Affected component: OTRS Web UI/ACL logic in the tick...