NVD
- Id
- 52159
- Name
- CVE-2009-5055
- Description
- Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.
- Reject
- CVSS Version
- 2
- CVSS Score
- 3.5
- Severity
- Low
- CVSS Base Score
- 3.5
- CVSS Impact Subscore
- 2.9
- CVSS Exploit Subscore
- 6.8
- CVSS Vector
- (AV:N/AC:M/Au:S/C:P/I:N/A:N)
- Pub Date
- 2017-01-07
- Published
- 2011-03-18
- Modified Date
- 2011-03-22
- Seq
- 2009-5055