[ MDVSA-2015:043 ] otrs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:043
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : otrs
 Date    : February 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated otrs package fixes security vulnerability:
 
 An attacker with valid OTRS credentials could access and manipulate
 ticket data of other users via the GenericInterface, if a ticket
 webservice is configured and not additionally secured (CVE-2014-9324).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9324
 http://advisories.mageia.org/MGASA-2015-0031.html
 _______________________________________________________________________

 

Leave a Reply