Vulnerabilities > Otrs > Otrs > 2.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-18 | CVE-2010-4760 | Information Exposure vulnerability in Otrs Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. | 3.5 |
| 2011-03-18 | CVE-2010-4759 | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search. | 4.0 |
| 2011-03-18 | CVE-2010-4758 | Cryptographic Issues vulnerability in Otrs installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | 1.9 |
| 2011-03-18 | CVE-2009-5056 | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. | 2.1 |
| 2011-03-18 | CVE-2009-5055 | Permissions, Privileges, and Access Controls vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. | 3.5 |