Medium severity6.5NVD Advisory· Published Feb 21, 2020· Updated Jun 16, 2026
CVE-2013-3551
CVE-2013-3551
Description
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- OTRS/Open Ticket Request Systemdescription
- Range: <3.0.20, <3.1.16, <3.2.7
Patches
Vulnerability mechanics
References
2- advisories.mageia.org/MGASA-2013-0196.htmlnvdThird Party Advisory
- bugs.gentoo.org/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.