CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS
Percentile: 43.3%

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the
basis of single-digit substrings of the CustomerID value, which allows
remote authenticated users to bypass intended access restrictions in
opportunistic circumstances by visiting a ticket, as demonstrated by
leveraging the CustomerID 12 account to read tickets that should be
available only to CustomerID 1 or CustomerID 2.