CVE-2010-4763
EPSS 0.20%
Description
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
How to fix CVE-2010-4763
To remediate CVE-2010-4763, upgrade the affected package to the fixed version listed below.
- Debian/otrs2—upgrade to 3.0.8+dfsg1-1 or later
Is CVE-2010-4763 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/otrs2: from 0, < 3.0.8+dfsg1-1