CVE-2014-1694

NONECVSS 0.0

0.0

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.

🔗 References (24)

cve@mitrehttp://bugs.otrs.org/show_bug.cgi?id=10099
cve@mitrehttp://osvdb.org/102632
cve@mitrehttp://secunia.com/advisories/56644
cve@mitrehttp://secunia.com/advisories/56655
cve@mitrehttp://www.debian.org/security/2014/dsa-2867
cve@mitrehttp://www.openwall.com/lists/oss-security/2014/01/29/15
cve@mitrehttp://www.openwall.com/lists/oss-security/2014/01/29/7
cve@mitrehttps://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7
cve@mitrehttps://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312
cve@mitrehttps://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77
cve@mitrehttps://www.otrs.com/release-notes-otrs-help-desk-3-3-4
cve@mitrehttps://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface
af854a3a-2127-422b-91ae-364da2661108http://bugs.otrs.org/show_bug.cgi?id=10099
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/102632
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56644

Is Your Infrastructure Affected by CVE-2014-1694?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-1694

📅 Published

🔄 Last Modified

🔗 References (24)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-1694?