CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified

Published: Nov 27, 2019
Updated: Apr 13, 2023
CVE: CVE-2013-2625
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
otrs / otrs_help_desk	3.0.0	3.0.19
otrs / otrs_help_desk	3.1.0	3.1.14
otrs / otrs_help_desk	3.2.0.x	3.2.4
otrs / otrs_itsm	3.2.0	3.2.3
otrs / otrs_itsm	3.0.0	3.0.7
otrs / otrs_itsm	3.1.0	3.1.8
otrs / faq	2.2.0	2.2.3
otrs / faq	2.1.0	2.1.4
otrs / faq	2.0.0	2.0.8
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
opensuse / opensuse	12.3	12.3.x
opensuse / opensuse	12.2	12.2.x

http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
http://www.securityfocus.com/bid/58936
https://exchange.xforce.ibmcloud.com/vulnerabilities/83287
https://security-tracker.debian.org/tracker/CVE-2013-2625

Vulnerability Database

289,599

CVE-2013-2625