6.5
CVE-2010-4763
- EPSS 1.57%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807
http://bugs.otrs.org/show_bug.cgi?id=4399