CVE-2013-3551

unknown

Published — · Modified —

CVSS v3

—

CVSS v2

—

VIR risk

—

Description

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-3551

OS impact

OS	Version	Status	Fixed in
debian	bullseye	fixed	`3.2.7-1`

References

https://security-tracker.debian.org/tracker/CVE-2013-3551

Verify integrity in audit chain (admin only). AS-IS.