CVE-2009-5055

CVE-2009-5055 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

Learn more about our User Device Pen Test.