cbcvebase.
CVE-2009-5055
published 2011-03-18

CVE-2009-5055: Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote…

PriorityP415low3.5CVSS 2.0
AVNACMAuSCPINAN
EPSS
0.90%
55.0th percentile
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

Affected

58 ranges· showing 25
VendorProductVersion rangeFixed in
debianotrs2< otrs2 2.4.5-1 (bullseye)otrs2 2.4.5-1 (bullseye)
otrsotrs<= 2.4.3
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs
otrsotrs

CVSS provenance

nvdv2.03.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
osv3.5LOW
vendor_debian3.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.