CVE-2014-9324

MEDIUM

Description

The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.

References

http://advisories.mageia.org/MGASA-2015-0031.html

http://secunia.com/advisories/59875

http://secunia.com/advisories/62188

http://secunia.com/advisories/62662

http://www.mandriva.com/security/advisories?name=MDVSA-2015:043

https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/

Details

Source: MITRE

Published: 2014-12-19

Updated: 2017-01-03

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.8

Severity: MEDIUM