6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.4%
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice
This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
[
{
"defaultStatus": "affected",
"modules": [
"Generic Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.40 Patch 1",
"status": "affected",
"version": "7.0.1",
"versionType": "Patch 1 (2022-12-19)"
},
{
"lessThan": "8.0.28 Patch 1",
"status": "affected",
"version": "8.0.1",
"versionType": "Patch 1 (2022-12-19)"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Generic Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
]
}
]