CVE-2014-1694

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 3.1.x through 3.1.18 Open Ticket Request System (OTRS) versions 3.2.x through 3.2.13 Open Ticket Request System (OTRS) versions 3.3.x through 3.3.3

Description The issue allows remote attackers to hijack the authentication of arbitrary users for requests that create tickets or send follow-ups to existing tickets, due to multiple cross-site request forgery (CSRF) vulnerabilities in various modules, including CustomerPreferences.pm, CustomerTicketMessage.pm, CustomerTicketProcess.pm, and CustomerTicketZoom.pm in Kernel/Modules.

Recommendations For OTRS versions 3.1.x through 3.1.18, update to version 3.1.19 or later. For OTRS versions 3.2.x through 3.2.13, update to version 3.2.14 or later. For OTRS versions 3.3.x through 3.3.3, update to version 3.3.4 or later.