FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- Incomplete Access Control

Affected packages
3.2.* < otrs < 3.2.17
3.3.* < otrs < 3.3.11
4.0.* < otrs < 4.0.3

Details

VuXML ID 0c5cf7c4-856e-11e4-a089-60a44c524f57
Discovery 2014-12-16
Entry 2014-12-16

The OTRS project reports:

An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.

References

CVE Name CVE-2014-9324
URL http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/