{"id":"CVE-2014-9324","details":"The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.","modified":"2026-01-27T04:13:30.786344Z","published":"2014-12-19T15:59:18Z","withdrawn":"2026-01-27T04:13:30.786344Z","related":["MGASA-2015-0031","openSUSE-SU-2024:10073-1"],"references":[{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2015-0031.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59875"},{"type":"ADVISORY","url":"http://secunia.com/advisories/62188"},{"type":"ADVISORY","url":"http://secunia.com/advisories/62662"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:043"},{"type":"ADVISORY","url":"https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"}],"schema_version":"1.7.3"}