CVE-2010-4763

First published: Fri Mar 18 2011(Updated: )

The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-historical
• collector/nvd-index
• agent/author
• agent/references
• agent/severity
• agent/weakness
• agent/tags
• agent/type
• agent/description
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• vendor/otrs
• canonical/otrs otrs
• version/otrs otrs/2.4.0-beta6
• version/otrs otrs/2.4.0-beta5
• version/otrs otrs/2.0.0-beta4
• version/otrs otrs/2.0.0-beta2
• version/otrs otrs/2.3.0-beta2
• version/otrs otrs/2.4.1
• version/otrs otrs/2.1.3
• version/otrs otrs/2.2.4
• version/otrs otrs/2.2.5
• version/otrs otrs/1.0.2
• version/otrs otrs/2.4.5
• version/otrs otrs/2.3.5
• version/otrs otrs/2.1.8
• version/otrs otrs/1.1.1
• version/otrs otrs/2.3.0-beta1
• version/otrs otrs/0.5-beta1
• version/otrs otrs/1.2.0-beta2
• version/otrs otrs/1.2.0-beta3
• version/otrs otrs/1.3.1
• version/otrs otrs/2.2.0-beta3
• version/otrs otrs/2.0.0-beta5
• version/otrs otrs/2.1.5
• version/otrs otrs/2.3.4
• version/otrs otrs/2.1.2
• version/otrs otrs/0.5-beta4
• version/otrs otrs/0.5-beta7
• version/otrs otrs/2.4.6
• version/otrs otrs/1.3.0-beta4
• version/otrs otrs/2.2.0-beta4
• version/otrs otrs/2.4.0-beta3
• version/otrs otrs/2.0.3
• version/otrs otrs/1.1.0-rc1
• version/otrs otrs/1.1-rc1
• version/otrs otrs/0.5-beta2
• version/otrs otrs/2.1.0-beta1
• version/otrs otrs/2.3.0-beta4
• version/otrs otrs/1.2.1
• version/otrs otrs/2.2.0-beta1
• version/otrs otrs/2.2.6
• version/otrs otrs/2.4.9
• version/otrs otrs/2.3.3
• version/otrs otrs/2.0.0
• version/otrs otrs/1.1.4
• version/otrs otrs/0.5-beta6
• version/otrs otrs/2.2.0-beta2
• version/otrs otrs/0.5-beta3
• version/otrs otrs/1.2.3
• version/otrs otrs/2.4.0-beta2
• version/otrs otrs/2.2.2
• version/otrs otrs/2.4.3
• version/otrs otrs/2.3.1
• version/otrs otrs/1.0.1
• version/otrs otrs/1.2.4
• version/otrs otrs/2.0.0-beta1
• version/otrs otrs/2.0.5
• version/otrs otrs/1.1.2
• version/otrs otrs/2.2.0-rc1
• version/otrs otrs/0.5-beta8
• version/otrs otrs/2.2.9
• version/otrs otrs/2.1.6
• version/otrs otrs/1.3.2
• version/otrs otrs/2.1.0-beta2
• version/otrs otrs/2.4.10
• version/otrs otrs/1.2.2
• version/otrs otrs/2.4.0-beta4
• version/otrs otrs/1.0-rc1
• version/otrs otrs/1.3.0-beta1
• version/otrs otrs/2.4.4
• version/otrs otrs/2.1.7
• version/otrs otrs/2.4.2
• version/otrs otrs/2.0.4
• version/otrs otrs/1.3.0-beta3
• version/otrs otrs/1.3.0-beta2
• version/otrs otrs/2.1.9
• version/otrs otrs/2.2.7
• version/otrs otrs/2.2.1
• version/otrs otrs/1.1.3
• version/otrs otrs/2.1.4
• version/otrs otrs/2.4.8
• version/otrs otrs/1.0.0
• version/otrs otrs/2.3.2
• version/otrs otrs/2.3.0-rc1
• version/otrs otrs/2.1.1
• version/otrs otrs/2.0.2
• version/otrs otrs/2.0.1
• version/otrs otrs/2.4.0-beta1
• version/otrs otrs/1.1.0-rc2
• version/otrs otrs/2.2.3
• version/otrs otrs/2.4.7
• version/otrs otrs/2.3.0-beta3
• version/otrs otrs/2.0.0-beta6
• version/otrs otrs/1.3.3
• version/otrs otrs/2.2.8
• version/otrs otrs/1.0-rc2
• version/otrs otrs/2.3.6
• version/otrs otrs/1.0-rc3
• version/otrs otrs/1.2.0-beta1
• version/otrs otrs/0.5-beta5