CVE-2013-2625
published 2019-11-27
Priority: P434 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 1.29% (66.7th percentile)
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights are not verified by the object linking mechanism.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | otrs2 | < otrs2 3.1.7+dfsg1-8 (bullseye) | otrs2 3.1.7+dfsg1-8 (bullseye) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| otrs | faq | >= 2.0.0 < 2.0.8 | 2.0.8 |
| otrs | faq | >= 2.1.0 < 2.1.4 | 2.1.4 |
| otrs | faq | >= 2.2.0 < 2.2.3 | 2.2.3 |
| otrs | otrs_help_desk | < 3.2.4 | 3.2.4 |
| otrs | otrs_help_desk | >= 3.0.0 < 3.0.19 | 3.0.19 |
| otrs | otrs_help_desk | >= 3.1.0 < 3.1.14 | 3.1.14 |
| otrs | otrs_itsm | >= 3.0.0 < 3.0.7 | 3.0.7 |
| otrs | otrs_itsm | >= 3.1.0 < 3.1.8 | 3.1.8 |
| otrs | otrs_itsm | >= 3.2.0 < 3.2.3 | 3.2.3 |
CVSS provenance
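| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |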
Debian
CVE-2013-2625: otrs2 - An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19...
vendor_debian·2013·CVSS 6.5
Scope: local
bullseye: resolved (fixed in 3.1.7+dfsg1-8)
GHSA
GHSA-87rp-gwq4-fx5h: An Access Bypass issue exists in OTRS Help Desk before 3
ghsa_unreviewed·2022-05-05
OSV
CVE-2013-2625: An Access Bypass issue exists in OTRS Help Desk before 3
osv·2019-11-27·CVSS 6.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
http://www.securityfocus.com/bid/58936
https://exchange.xforce.ibmcloud.com/vulnerabilities/83287
https://security-tracker.debian.org/tracker/CVE-2013-2625
Published: 2019-11-27