Urgent BUG report (security)

Urgent BUG report (security)


I found a bug in SupportCenter Plus that needs to be adressed a.s.a.p. Currently on 8105.

For support engineeers there can be set of which group they can see tickets. This works ok, as the support engineers that are restricted to that group can only view, edit en search tickets of that group in the normal interface.

However when this support engineer logs on to the mobile client (URL /m or (updated) iPhone app) they still see their restricted group in the views. BUT when they do a search they see all tickets, notes and resolutions to tickets they are not allowed to see and revealing info that is not for their eyes!

Can you please make an update for this breach asap or let me know how i can disable access for the mobile site and mobile app for the time being. 

Mike