Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.20, 3.1.x prior to 3.1.16, and 3.2.x prior to 3.2.7, and OTRS ITSM 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
otrs otrs |
||
otrs otrs itsm |