CVE-2008-7282
EPSS 0.20%
Description
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.
How to fix CVE-2008-7282
To remediate CVE-2008-7282, upgrade the affected package to a fixed version below.
- Debian/otrs2—upgrade to 2.2.6-1 or later
Is CVE-2008-7282 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.6-1