CVE-2014-2554 — Improper Input Validation in Otrs

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 23

Latest updateMay 14

Description

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

▶debiandebian/otrs2< otrs2 3.3.6-1 (bullseye)

▶NVDotrs/otrs38 versions+37

▶NVDopensuse/opensuse12.3, 13.1+1

GHSA

GHSA-3wmp-c58m-j32f: OTRS 3↗2022-05-14

▶

OSV

CVE-2014-2554: OTRS 3↗2014-04-23

▶

Debian

CVE-2014-2554: otrs2 - OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows rem...↗2014

▶