Unrated severityNVD Advisory· Published Mar 18, 2011· Updated Jun 16, 2026
CVE-2008-7277
CVE-2008-7277
Description
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
Affected products
75cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*+ 74 more
- cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:*:beta3:*:*:*:*:*:*range: <=2.3.0
- (no CPE)range: <2.3.0-beta4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.