CVE-2013-3551

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System (OTRS) versions 3.0.x through 3.0.19 Open Ticket Request System (OTRS) versions 3.1.x through 3.1.15 Open Ticket Request System (OTRS) versions 3.2.x through 3.2.6 OTRS ITSM versions 3.0.x through 3.0.7 OTRS ITSM versions 3.1.x through 3.1.8 OTRS ITSM versions 3.2.x through 3.2.4

Description: The issue allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. This is due to the improper restriction of tickets in the Kernel/Modules/AgentTicketPhone.pm module.

Recommendations: For Open Ticket Request System (OTRS) versions 3.0.x through 3.0.19, update to version 3.0.20 or later. For Open Ticket Request System (OTRS) versions 3.1.x through 3.1.15, update to version 3.1.16 or later. For Open Ticket Request System (OTRS) versions 3.2.x through 3.2.6, update to version 3.2.7 or later. For OTRS ITSM versions 3.0.x through 3.0.7, update to version 3.0.8 or later. For OTRS ITSM versions 3.1.x through 3.1.8, update to version 3.1.9 or later. For OTRS ITSM versions 3.2.x through 3.2.4, update to version 3.2.5 or later.