Unrated severityNVD Advisory· Published Feb 4, 2014· Updated Jun 17, 2026
CVE-2014-1694
CVE-2014-1694
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
46cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*+ 45 more
- cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*
- (no CPE)range: >=3.1, <3.1.19 || >=3.2, <3.2.14 || >=3.3, <3.3.4
Patches
Vulnerability mechanics
References
12- www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interfacenvdPatchVendor Advisory
- github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7nvdExploitPatch
- github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312nvdExploitPatch
- github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77nvdExploitPatch
- secunia.com/advisories/56644nvdVendor Advisory
- secunia.com/advisories/56655nvdVendor Advisory
- bugs.otrs.org/show_bug.cginvd
- osvdb.org/102632nvd
- www.debian.org/security/2014/dsa-2867nvd
- www.openwall.com/lists/oss-security/2014/01/29/15nvd
- www.openwall.com/lists/oss-security/2014/01/29/7nvd
- www.otrs.com/release-notes-otrs-help-desk-3-3-4nvd
News mentions
0No linked articles in our index yet.