SUSE CVE-2014-9324

🗓️ 15 Feb 2023 05:25:05Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Authenticated remote users can access and modify arbitrary tickets via GenericInterface in affected OTRS Help Desk versions.

Reporter	Title	Published	Views	Family All 26
FreeBSD	otrs -- Incomplete Access Control	16 Dec 201400:00	–	freebsd
CNVD	OTRS Help Desk Security Mechanism Bypass Vulnerability	26 Dec 201400:00	–	cnvd
CVE	CVE-2014-9324	19 Dec 201415:00	–	cve
Cvelist	CVE-2014-9324	19 Dec 201415:00	–	cvelist
Debian	[SECURITY] [DSA 3124-1] otrs2 security update	10 Jan 201512:40	–	debian
Debian	[SECURITY] [DSA 3124-1] otrs2 security update	10 Jan 201512:40	–	debian
Debian CVE	CVE-2014-9324	19 Dec 201415:00	–	debiancve
Tenable Nessus	Debian DSA-3124-1 : otrs2 - security update	12 Jan 201500:00	–	nessus
Tenable Nessus	FreeBSD : otrs -- Incomplete Access Control (0c5cf7c4-856e-11e4-a089-60a44c524f57)	17 Dec 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : otrs (MDVSA-2015:043)	11 Feb 201500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	otrs	3.3.16-37.1	otrs-3.3.16-37.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	otrs-doc	3.3.16-37.1	otrs-doc-3.3.16-37.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	otrs-itsm	3.3.14-37.1	otrs-itsm-3.3.14-37.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2014-9324
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/910988

16 Mar 2025 11:36Current

7High risk

Vulners AI Score7

CVSS 26

EPSS0.00963

help desk generic interface arbitrary tickets remote authenticated users