Mandriva Linux Security Advisory 2015-043 - An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
78c4ebc355ef57a8f65bf66a10f4072a53a151e9a0b9ff461469d27a4cbf76e1
Debian Linux Security Advisory 3124-1 - Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
7bbeb782b4332cf7eba5793171a4bba0a05ee1778c7d6bff699dabf4b2b6ecbf