CVE Vulnerabilities

CVE-2010-4763

Published: Mar 18, 2011 | Modified: Mar 22, 2011
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.

Affected Software

Name Vendor Start Version End Version
Otrs Otrs * 2.4.10 (including)
Otrs Otrs 0.5-beta1 (including) 0.5-beta1 (including)
Otrs Otrs 0.5-beta2 (including) 0.5-beta2 (including)
Otrs Otrs 0.5-beta3 (including) 0.5-beta3 (including)
Otrs Otrs 0.5-beta4 (including) 0.5-beta4 (including)
Otrs Otrs 0.5-beta5 (including) 0.5-beta5 (including)
Otrs Otrs 0.5-beta6 (including) 0.5-beta6 (including)
Otrs Otrs 0.5-beta7 (including) 0.5-beta7 (including)
Otrs Otrs 0.5-beta8 (including) 0.5-beta8 (including)
Otrs Otrs 1.0-rc1 (including) 1.0-rc1 (including)
Otrs Otrs 1.0-rc2 (including) 1.0-rc2 (including)
Otrs Otrs 1.0-rc3 (including) 1.0-rc3 (including)
Otrs Otrs 1.0.0 (including) 1.0.0 (including)
Otrs Otrs 1.0.1 (including) 1.0.1 (including)
Otrs Otrs 1.0.2 (including) 1.0.2 (including)
Otrs Otrs 1.1-rc1 (including) 1.1-rc1 (including)
Otrs Otrs 1.1.0-rc1 (including) 1.1.0-rc1 (including)
Otrs Otrs 1.1.0-rc2 (including) 1.1.0-rc2 (including)
Otrs Otrs 1.1.1 (including) 1.1.1 (including)
Otrs Otrs 1.1.2 (including) 1.1.2 (including)
Otrs Otrs 1.1.3 (including) 1.1.3 (including)
Otrs Otrs 1.1.4 (including) 1.1.4 (including)
Otrs Otrs 1.2.0-beta1 (including) 1.2.0-beta1 (including)
Otrs Otrs 1.2.0-beta2 (including) 1.2.0-beta2 (including)
Otrs Otrs 1.2.0-beta3 (including) 1.2.0-beta3 (including)
Otrs Otrs 1.2.1 (including) 1.2.1 (including)
Otrs Otrs 1.2.2 (including) 1.2.2 (including)
Otrs Otrs 1.2.3 (including) 1.2.3 (including)
Otrs Otrs 1.2.4 (including) 1.2.4 (including)
Otrs Otrs 1.3.0-beta1 (including) 1.3.0-beta1 (including)
Otrs Otrs 1.3.0-beta2 (including) 1.3.0-beta2 (including)
Otrs Otrs 1.3.0-beta3 (including) 1.3.0-beta3 (including)
Otrs Otrs 1.3.0-beta4 (including) 1.3.0-beta4 (including)
Otrs Otrs 1.3.1 (including) 1.3.1 (including)
Otrs Otrs 1.3.2 (including) 1.3.2 (including)
Otrs Otrs 1.3.3 (including) 1.3.3 (including)
Otrs Otrs 2.0.0 (including) 2.0.0 (including)
Otrs Otrs 2.0.0-beta1 (including) 2.0.0-beta1 (including)
Otrs Otrs 2.0.0-beta2 (including) 2.0.0-beta2 (including)
Otrs Otrs 2.0.0-beta4 (including) 2.0.0-beta4 (including)
Otrs Otrs 2.0.0-beta5 (including) 2.0.0-beta5 (including)
Otrs Otrs 2.0.0-beta6 (including) 2.0.0-beta6 (including)
Otrs Otrs 2.0.1 (including) 2.0.1 (including)
Otrs Otrs 2.0.2 (including) 2.0.2 (including)
Otrs Otrs 2.0.3 (including) 2.0.3 (including)
Otrs Otrs 2.0.4 (including) 2.0.4 (including)
Otrs Otrs 2.0.5 (including) 2.0.5 (including)
Otrs Otrs 2.1.0-beta1 (including) 2.1.0-beta1 (including)
Otrs Otrs 2.1.0-beta2 (including) 2.1.0-beta2 (including)
Otrs Otrs 2.1.1 (including) 2.1.1 (including)
Otrs Otrs 2.1.2 (including) 2.1.2 (including)
Otrs Otrs 2.1.3 (including) 2.1.3 (including)
Otrs Otrs 2.1.4 (including) 2.1.4 (including)
Otrs Otrs 2.1.5 (including) 2.1.5 (including)
Otrs Otrs 2.1.6 (including) 2.1.6 (including)
Otrs Otrs 2.1.7 (including) 2.1.7 (including)
Otrs Otrs 2.1.8 (including) 2.1.8 (including)
Otrs Otrs 2.1.9 (including) 2.1.9 (including)
Otrs Otrs 2.2.0-beta1 (including) 2.2.0-beta1 (including)
Otrs Otrs 2.2.0-beta2 (including) 2.2.0-beta2 (including)
Otrs Otrs 2.2.0-beta3 (including) 2.2.0-beta3 (including)
Otrs Otrs 2.2.0-beta4 (including) 2.2.0-beta4 (including)
Otrs Otrs 2.2.0-rc1 (including) 2.2.0-rc1 (including)
Otrs Otrs 2.2.1 (including) 2.2.1 (including)
Otrs Otrs 2.2.2 (including) 2.2.2 (including)
Otrs Otrs 2.2.3 (including) 2.2.3 (including)
Otrs Otrs 2.2.4 (including) 2.2.4 (including)
Otrs Otrs 2.2.5 (including) 2.2.5 (including)
Otrs Otrs 2.2.6 (including) 2.2.6 (including)
Otrs Otrs 2.2.7 (including) 2.2.7 (including)
Otrs Otrs 2.2.8 (including) 2.2.8 (including)
Otrs Otrs 2.2.9 (including) 2.2.9 (including)
Otrs Otrs 2.3.0-beta1 (including) 2.3.0-beta1 (including)
Otrs Otrs 2.3.0-beta2 (including) 2.3.0-beta2 (including)
Otrs Otrs 2.3.0-beta3 (including) 2.3.0-beta3 (including)
Otrs Otrs 2.3.0-beta4 (including) 2.3.0-beta4 (including)
Otrs Otrs 2.3.0-rc1 (including) 2.3.0-rc1 (including)
Otrs Otrs 2.3.1 (including) 2.3.1 (including)
Otrs Otrs 2.3.2 (including) 2.3.2 (including)
Otrs Otrs 2.3.3 (including) 2.3.3 (including)
Otrs Otrs 2.3.4 (including) 2.3.4 (including)
Otrs Otrs 2.3.5 (including) 2.3.5 (including)
Otrs Otrs 2.3.6 (including) 2.3.6 (including)
Otrs Otrs 2.4.0-beta1 (including) 2.4.0-beta1 (including)
Otrs Otrs 2.4.0-beta2 (including) 2.4.0-beta2 (including)
Otrs Otrs 2.4.0-beta3 (including) 2.4.0-beta3 (including)
Otrs Otrs 2.4.0-beta4 (including) 2.4.0-beta4 (including)
Otrs Otrs 2.4.0-beta5 (including) 2.4.0-beta5 (including)
Otrs Otrs 2.4.0-beta6 (including) 2.4.0-beta6 (including)
Otrs Otrs 2.4.1 (including) 2.4.1 (including)
Otrs Otrs 2.4.2 (including) 2.4.2 (including)
Otrs Otrs 2.4.3 (including) 2.4.3 (including)
Otrs Otrs 2.4.4 (including) 2.4.4 (including)
Otrs Otrs 2.4.5 (including) 2.4.5 (including)
Otrs Otrs 2.4.6 (including) 2.4.6 (including)
Otrs Otrs 2.4.7 (including) 2.4.7 (including)
Otrs Otrs 2.4.8 (including) 2.4.8 (including)
Otrs Otrs 2.4.9 (including) 2.4.9 (including)
Otrs2 Ubuntu hardy *
Otrs2 Ubuntu karmic *
Otrs2 Ubuntu lucid *
Otrs2 Ubuntu maverick *
Otrs2 Ubuntu natty *
Otrs2 Ubuntu upstream *
