CVE-2014-9324
otrs2 - security update
EPSS 0.96%
Description
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
How to fix CVE-2014-9324
To remediate CVE-2014-9324, upgrade the affected package to one of the fixed versions listed below.
- Debian/otrs2: upgrade to 3.3.9-3 or later
- Debian/otrs2: upgrade to 3.1.7+dfsg1-8+deb7u5 or later
Is CVE-2014-9324 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/otrs2: from 0, < 3.3.9-3
- Debian/otrs2: from 0, < 3.1.7+dfsg1-8+deb7u5