CVE-2022-4427

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:7.0.40:-:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:8.0.28:-:*:*:*:*:*:*

History

13 Feb 2025, 17:15

Type Values Removed Values Added
Summary (en) Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. (en) Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

21 Nov 2024, 07:35

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de validación de entrada incorrecta en OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition permite la inyección de SQL a través de TicketSearch Webservice. Este problema afecta a OTRS: desde 7.0.1 antes de 7.0.40 parche 1, desde 8.0.1 antes de 8.0.28 parche 1 ; ((OTRS)) Community Edition: desde 6.0.1 hasta 6.0.34.
References () https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html - () https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html -
References () https://otrs.com/release-notes/otrs-security-advisory-2022-15/ - Release Notes, Vendor Advisory () https://otrs.com/release-notes/otrs-security-advisory-2022-15/ - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 6.5

Information

Published : 2022-12-19 09:15

Updated : 2025-02-13 17:15


NVD link : CVE-2022-4427

Mitre link : CVE-2022-4427

CVE.ORG link : CVE-2022-4427


JSON object : View

Products Affected

otrs

  • otrs
CWE
CWE-20

Improper Input Validation

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')