{"id":"MGASA-2015-0031","summary":"Updated otrs package fixes CVE-2014-9324","details":"Updated otrs package fixes security vulnerability:\n\nAn attacker with valid OTRS credentials could access and manipulate ticket\ndata of other users via the GenericInterface, if a ticket webservice is\nconfigured and not additionally secured (CVE-2014-9324).\n","modified":"2026-01-31T22:20:57.234234Z","published":"2015-01-20T14:57:33Z","related":["CVE-2014-9324"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0031.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15024"},{"type":"REPORT","url":"https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/"},{"type":"REPORT","url":"https://www.otrs.com/release-notes-otrs-help-desk-3-2-17/"},{"type":"REPORT","url":"https://www.debian.org/security/2015/dsa-3124"}],"affected":[{"package":{"name":"otrs","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/otrs?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.17-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0031.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}