SQL Injection via OTRS Search API
CVE-2022-4427

6.5 MEDIUM

Key Information:

Vendor: OTRS AG

CVE Published: 19 December 2022

What is CVE-2022-4427?

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice. This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Affected Version(s)

((OTRS)) Community Edition 6.0.1 <= 6.0.34

OTRS 7.0.1

OTRS 7.0.1 < 7.0.40 Patch 1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Special thanks to Tim Püttmanns for reporting this vulnerability.