CVE

Id
42490  
CVE No.
CVE-2009-5055  
Status
Candidate  
Description
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.  
Phase
Assigned (20110318)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
463005 42490 CVE-2009-5055 CONFIRM:http://bugs.otrs.org/show_bug.cgi?id=4105  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
33570 JVNDB-2011-003812 IBM Lotus Quickr for Lotus Domino におけるサービス運用妨害 (DoS) の脆弱性 IBM Lotus Quickr には、サービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。 CVE-2009-5059 42490 3.5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003812.html  View