CVE-2013-3551
otrs2 - privilege escalation
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.30%
Description
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
How to fix CVE-2013-3551
To remediate CVE-2013-3551, upgrade the affected package to a fixed version below.
- Upgrade to 3.2.7-1 or later
- Upgrade to 3.1.7+dfsg1-8+deb7u1 or later
Is CVE-2013-3551 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.2.7-1
- from 0, < 3.1.7+dfsg1-8+deb7u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |