CVE-2010-4763
First published: Fri Mar 18 2011(Updated: )
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OTRS | =2.4.0-beta6 | |
| OTRS | =2.4.0-beta5 | |
| OTRS | =2.0.0-beta4 | |
| OTRS | =2.0.0-beta2 | |
| OTRS | =2.3.0-beta2 | |
| OTRS | =2.4.1 | |
| OTRS | =2.1.3 | |
| OTRS | =2.2.4 | |
| OTRS | =2.2.5 | |
| OTRS | =1.0.2 | |
| OTRS | =2.4.5 | |
| OTRS | =2.3.5 | |
| OTRS | =2.1.8 | |
| OTRS | =1.1.1 | |
| OTRS | =2.3.0-beta1 | |
| OTRS | =0.5-beta1 | |
| OTRS | =1.2.0-beta2 | |
| OTRS | =1.2.0-beta3 | |
| OTRS | =1.3.1 | |
| OTRS | =2.2.0-beta3 | |
| OTRS | =2.0.0-beta5 | |
| OTRS | =2.1.5 | |
| OTRS | =2.3.4 | |
| OTRS | =2.1.2 | |
| OTRS | =0.5-beta4 | |
| OTRS | =0.5-beta7 | |
| OTRS | =2.4.6 | |
| OTRS | =1.3.0-beta4 | |
| OTRS | =2.2.0-beta4 | |
| OTRS | =2.4.0-beta3 | |
| OTRS | =2.0.3 | |
| OTRS | =1.1.0-rc1 | |
| OTRS | =1.1-rc1 | |
| OTRS | =0.5-beta2 | |
| OTRS | =2.1.0-beta1 | |
| OTRS | =2.3.0-beta4 | |
| OTRS | =1.2.1 | |
| OTRS | =2.2.0-beta1 | |
| OTRS | =2.2.6 | |
| OTRS | =2.4.9 | |
| OTRS | =2.3.3 | |
| OTRS | =2.0.0 | |
| OTRS | =1.1.4 | |
| OTRS | =0.5-beta6 | |
| OTRS | =2.2.0-beta2 | |
| OTRS | =0.5-beta3 | |
| OTRS | =1.2.3 | |
| OTRS | =2.4.0-beta2 | |
| OTRS | =2.2.2 | |
| OTRS | =2.4.3 | |
| OTRS | =2.3.1 | |
| OTRS | =1.0.1 | |
| OTRS | =1.2.4 | |
| OTRS | =2.0.0-beta1 | |
| OTRS | =2.0.5 | |
| OTRS | =1.1.2 | |
| OTRS | =2.2.0-rc1 | |
| OTRS | =0.5-beta8 | |
| OTRS | =2.2.9 | |
| OTRS | =2.1.6 | |
| OTRS | =1.3.2 | |
| OTRS | =2.1.0-beta2 | |
| OTRS | <=2.4.10 | |
| OTRS | =1.2.2 | |
| OTRS | =2.4.0-beta4 | |
| OTRS | =1.0-rc1 | |
| OTRS | =1.3.0-beta1 | |
| OTRS | =2.4.4 | |
| OTRS | =2.1.7 | |
| OTRS | =2.4.2 | |
| OTRS | =2.0.4 | |
| OTRS | =1.3.0-beta3 | |
| OTRS | =1.3.0-beta2 | |
| OTRS | =2.1.9 | |
| OTRS | =2.2.7 | |
| OTRS | =2.2.1 | |
| OTRS | =1.1.3 | |
| OTRS | =2.1.4 | |
| OTRS | =2.4.8 | |
| OTRS | =1.0.0 | |
| OTRS | =2.3.2 | |
| OTRS | =2.3.0-rc1 | |
| OTRS | =2.1.1 | |
| OTRS | =2.0.2 | |
| OTRS | =2.0.1 | |
| OTRS | =2.4.0-beta1 | |
| OTRS | =1.1.0-rc2 | |
| OTRS | =2.2.3 | |
| OTRS | =2.4.7 | |
| OTRS | =2.3.0-beta3 | |
| OTRS | =2.0.0-beta6 | |
| OTRS | =1.3.3 | |
| OTRS | =2.2.8 | |
| OTRS | =1.0-rc2 | |
| OTRS | =2.3.6 | |
| OTRS | =1.0-rc3 | |
| OTRS | =1.2.0-beta1 | |
| OTRS | =0.5-beta5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-4763?
The severity of CVE-2010-4763 is considered medium as it allows authenticated users to bypass ACL restrictions.
How do I fix CVE-2010-4763?
To fix CVE-2010-4763, you should upgrade to OTRS version 3.0.0-beta1 or later.
What software versions are affected by CVE-2010-4763?
CVE-2010-4763 affects multiple OTRS versions, specifically all versions prior to 3.0.0-beta1.
What kind of vulnerability is CVE-2010-4763?
CVE-2010-4763 is an access control vulnerability that allows unauthorized ticket access.
Can CVE-2010-4763 affect customer data?
Yes, CVE-2010-4763 can potentially expose customer ticket data and status to unauthorized users.
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/description
- vendor/otrs
- canonical/otrs
- version/otrs/2.4.0-beta6
- version/otrs/2.4.0-beta5
- version/otrs/2.0.0-beta4
- version/otrs/2.0.0-beta2
- version/otrs/2.3.0-beta2
- version/otrs/2.4.1
- version/otrs/2.1.3
- version/otrs/2.2.4
- version/otrs/2.2.5
- version/otrs/1.0.2
- version/otrs/2.4.5
- version/otrs/2.3.5
- version/otrs/2.1.8
- version/otrs/1.1.1
- version/otrs/2.3.0-beta1
- version/otrs/0.5-beta1
- version/otrs/1.2.0-beta2
- version/otrs/1.2.0-beta3
- version/otrs/1.3.1
- version/otrs/2.2.0-beta3
- version/otrs/2.0.0-beta5
- version/otrs/2.1.5
- version/otrs/2.3.4
- version/otrs/2.1.2
- version/otrs/0.5-beta4
- version/otrs/0.5-beta7
- version/otrs/2.4.6
- version/otrs/1.3.0-beta4
- version/otrs/2.2.0-beta4
- version/otrs/2.4.0-beta3
- version/otrs/2.0.3
- version/otrs/1.1.0-rc1
- version/otrs/1.1-rc1
- version/otrs/0.5-beta2
- version/otrs/2.1.0-beta1
- version/otrs/2.3.0-beta4
- version/otrs/1.2.1
- version/otrs/2.2.0-beta1
- version/otrs/2.2.6
- version/otrs/2.4.9
- version/otrs/2.3.3
- version/otrs/2.0.0
- version/otrs/1.1.4
- version/otrs/0.5-beta6
- version/otrs/2.2.0-beta2
- version/otrs/0.5-beta3
- version/otrs/1.2.3
- version/otrs/2.4.0-beta2
- version/otrs/2.2.2
- version/otrs/2.4.3
- version/otrs/2.3.1
- version/otrs/1.0.1
- version/otrs/1.2.4
- version/otrs/2.0.0-beta1
- version/otrs/2.0.5
- version/otrs/1.1.2
- version/otrs/2.2.0-rc1
- version/otrs/0.5-beta8
- version/otrs/2.2.9
- version/otrs/2.1.6
- version/otrs/1.3.2
- version/otrs/2.1.0-beta2
- version/otrs/2.4.10
- version/otrs/1.2.2
- version/otrs/2.4.0-beta4
- version/otrs/1.0-rc1
- version/otrs/1.3.0-beta1
- version/otrs/2.4.4
- version/otrs/2.1.7
- version/otrs/2.4.2
- version/otrs/2.0.4
- version/otrs/1.3.0-beta3
- version/otrs/1.3.0-beta2
- version/otrs/2.1.9
- version/otrs/2.2.7
- version/otrs/2.2.1
- version/otrs/1.1.3
- version/otrs/2.1.4
- version/otrs/2.4.8
- version/otrs/1.0.0
- version/otrs/2.3.2
- version/otrs/2.3.0-rc1
- version/otrs/2.1.1
- version/otrs/2.0.2
- version/otrs/2.0.1
- version/otrs/2.4.0-beta1
- version/otrs/1.1.0-rc2
- version/otrs/2.2.3
- version/otrs/2.4.7
- version/otrs/2.3.0-beta3
- version/otrs/2.0.0-beta6
- version/otrs/1.3.3
- version/otrs/2.2.8
- version/otrs/1.0-rc2
- version/otrs/2.3.6
- version/otrs/1.0-rc3
- version/otrs/1.2.0-beta1
- version/otrs/0.5-beta5