CVE-2014-9324

medium

Description

The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.

References

https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/

http://www.mandriva.com/security/advisories?name=MDVSA-2015:043

http://secunia.com/advisories/62662

http://secunia.com/advisories/62188

http://secunia.com/advisories/59875

http://advisories.mageia.org/MGASA-2015-0031.html

Details

Source: Mitre, NVD

Published: 2014-12-19

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00799