CVE-2013-2625Improper Privilege Management in FAQ

CWE-269Improper Privilege Management5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 60.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Otrs FAQOtrs Help DeskOtrs Itsm+2 more
Timeline
PublishedNov 27
Latest updateMay 5

Description

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages4 packages

NVDotrs/otrs_help_desk3.0.03.0.19+2
NVDotrs/otrs_itsm3.0.03.0.7+2
NVDotrs/faq2.0.02.0.8+2
NVDopensuse/opensuse12.2, 12.3+1

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-87rp-gwq4-fx5h: An Access Bypass issue exists in OTRS Help Desk before 32022-05-05
CVEList
CVE-2013-2625: An Access Bypass issue exists in OTRS Help Desk before 32019-11-27
OSV
CVE-2013-2625: An Access Bypass issue exists in OTRS Help Desk before 32019-11-27

📋Vendor Advisories

1
Debian
CVE-2013-2625: otrs2 - An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19...2013
CVE-2013-2625 — Improper Privilege Management in FAQ | cvebase