{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "62188", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62188"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0031.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"}, {"name": "59875", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59875"}, {"name": "62662", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62662"}, {"name": "MDVSA-2015:043", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9324", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "62188", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62188"}, {"name": "http://advisories.mageia.org/MGASA-2015-0031.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0031.html"}, {"name": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/", "refsource": "CONFIRM", "url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"}, {"name": "59875", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59875"}, {"name": "62662", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62662"}, {"name": "MDVSA-2015:043", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:25.159Z"}, "title": "CVE Program Container", "references": [{"name": "62188", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62188"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0031.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"}, {"name": "59875", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59875"}, {"name": "62662", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62662"}, {"name": "MDVSA-2015:043", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9324", "datePublished": "2014-12-19T15:00:00.000Z", "dateReserved": "2014-12-07T00:00:00.000Z", "dateUpdated": "2024-08-06T13:40:25.159Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "85C43618-9317-4559-B2CE-F2A541D6E5AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED3BC9F0-FE36-44C6-8C5E-69AD0355FCD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A987515-9963-404E-A208-7941AE80A111", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "05216F9E-D1A9-402C-AC9D-A1E863C29C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BAD7998C-4D93-4E03-95A6-847C50EBFAD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DFB3525-C9D7-4891-8F15-413AAC2E2688", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "AAA10EEF-5B03-4D58-A446-6A1D2233B525", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "86D1B50A-0C2D-454F-8CD6-9A22082CC227", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "99ED2D2A-CFA9-4DE3-BDC7-9FFBB0EAA436", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA83D4-DAA9-4A19-8D84-7740A3657630", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "233773E3-F47C-4204-896A-74AB64E8DE2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4F8A83BF-29CF-431E-9C3A-D8ADB47ABB11", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "12327A36-5117-4A7B-BF85-55A07309A7EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "02114451-004D-4CBE-BA5E-AD88EF07FB57", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9A62B510-5E06-4F21-82AD-2D05A3991AD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5E7638E-5E9C-4604-9111-E22A889CBCAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "3AF4C611-5A51-4E18-9D1A-25E2AEAE0A42", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "789DDC2E-584D-4582-B9CA-FBC6E3CE3CA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "69C34B87-C8AE-4E36-8E42-B2FF0B874887", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCC01E70-A568-4A16-9E42-48D648F44FB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "703E7AB0-6B55-4BE0-A31C-75EB81B9DA64", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6D5AA450-91CA-412C-A68A-A9AF84E88649", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "67458A64-244F-45CC-A4F8-077A5272291E", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "6F18DA1F-2C74-4079-9BEE-25725B586D0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "99406C47-11AF-47D5-8D3F-A6E9C266FA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "1888D69D-B68E-4120-A42C-75B53734F308", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "AC0F6CFF-CC4E-4551-A879-4EB3AAE629F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:3.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "7DA0B533-06A1-45E8-AAF3-BDD11BF251B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "43DFED6B-B905-4D20-AC7B-EDD058988A4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5364466B-2C01-4F7A-9CB8-21F80F80A756", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs_help_desk:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "30D84E9A-D176-4D5B-A48F-95D9540ED77D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors."}, {"lang": "es", "value": "GenericInterface en OTRS Help Desk 3.2.x anterior a 3.2.17, 3.3.x anterior a 3.3.11 y 4.0.x anterior a 4.0.3 permiten a usuarios remotos autenticados acceder y modificar tickets arbitrarios a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2014-9324", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-19T15:59:18.503", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2015-0031.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/59875"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62188"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62662"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}