CVE-2009-5055

EPSS 0.10%

Published: 3/18/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-5055

Description

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

Affected packages (1)

Debian/otrs2from 0, < 2.4.5-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-5055