CVE-2014-1694

N/A Unknown

Published: February 04, 2014 Modified: April 29, 2026

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.otrs.org/show_bug.cgi?id=10099

Source: cve@mitre.org

http://osvdb.org/102632

Source: cve@mitre.org

http://secunia.com/advisories/56644

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/56655

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2014/dsa-2867

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/01/29/15

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/01/29/7

Source: cve@mitre.org

https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7

Source: cve@mitre.org

Exploit Patch

https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312

Source: cve@mitre.org

Exploit Patch

https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77

Source: cve@mitre.org

Exploit Patch

https://www.otrs.com/release-notes-otrs-help-desk-3-3-4

Source: cve@mitre.org

https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface

Source: cve@mitre.org

Patch Vendor Advisory

http://bugs.otrs.org/show_bug.cgi?id=10099

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/102632

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/56644

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/56655

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2014/dsa-2867

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/01/29/15

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/01/29/7

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

https://www.otrs.com/release-notes-otrs-help-desk-3-3-4

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.6%

69th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-352

Affected Vendors

otrs

Related CVEs

CVE-2026-7182 N/A

CVE-2026-41553 N/A

CVE-2026-41552 N/A

CVE-2026-8503 N/A

CVE-2026-8454 N/A