CVE-2013-2625

medium

Description

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified

References

https://security-tracker.debian.org/tracker/CVE-2013-2625

https://exchange.xforce.ibmcloud.com/vulnerabilities/83287

http://www.securityfocus.com/bid/58936

http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html

Details

Source: Mitre, NVD

Published: 2019-11-27

Updated: 2020-08-18

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N