Vulnerability DatabaseCVE-2013-3551

CVE-2013-3551:
Linux Debian vulnerability analysis and mitigation

Overview

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 contains a security vulnerability that allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism (NVD).

Technical details

The vulnerability exists in the ticket split mechanism of the OTRS system, specifically in the Kernel/Modules/AgentTicketPhone.pm component. The issue stems from improper access control restrictions that allow authenticated agents to bypass intended access limitations through URL manipulation (Mageia Advisory).

Impact

The vulnerability allows authenticated agents to access and read restricted tickets that they should not have permission to view, potentially exposing sensitive information and compromising ticket confidentiality (Mageia Advisory).

Mitigation and workarounds

Users should upgrade to OTRS version 3.0.20, 3.1.16, or 3.2.7 or later, depending on their installation branch. For OTRS ITSM users, the fix is available in versions 3.0.8, 3.1.9, and 3.2.5 or later (NVD).

Additional resources

Source: This report was generated using AI

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23745	HIGH	8.2	JavaScript	argo-workflows-fips-3.6	No	Yes	Jan 16, 2026
CVE-2026-23535	HIGH	8	Python	wlc	No	Yes	Jan 16, 2026
CVE-2026-23490	HIGH	7.5	Python	pyasn1	No	Yes	Jan 16, 2026
CVE-2026-23643	MEDIUM	5.4	CakePHP	cakephp	No	Yes	Jan 16, 2026
CVE-2025-61873	LOW	2.6	Linux Debian	request-tracker4	No	Yes	Jan 16, 2026