CVE-2022-4427: Improper Input Validation in AG Otrs

Severity
9.8 CRITICAL (NVD)
6.5 (CNA)
EPSS
0.4% (top 38.62%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 19

Description

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice. This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | otrs_ag/community_edition | 6.0.1 | 6.0.34
NVD | otrs/otrs | 7.0.1 | 7.0.40 | +4
CVEListV5 | otrs_ag/otrs | 7.0.1 | 7.0.40 Patch 1 | +1
Debian | znuny/znuny | < 6.4.5-1 | +2

🔴 Vulnerability Details (3)

GHSA
GHSA-qgm5-3gxj-29mw: Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issu (2022-12-19)
CVEList
SQL Injection via OTRS Search API (2022-12-19)
OSV
CVE-2022-4427: Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issu (2022-12-19)

📋 Vendor Advisories (2)

Debian
CVE-2022-4427: otrs2 - Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Commun... (2022)
CISA
IBM Data Risk Manager Security Bypass Vulnerability (2021-11-03)
CVE-2022-4427 — Improper Input Validation in AG Otrs | cvebase