7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.1%
Updated otrs package fixes security vulnerabilities: In OTRS before 3.2.14, an attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks (CVE-2014-1694). In OTRS before 3.2.14, an attacker with a valid customer or agent login could inject SQL in the ticket search URL (CVE-2014-1471). The update also adds a missing dependency which prevented database creation during web based installation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | otrs | < 3.2.14-1 | otrs-3.2.14-1.mga3 |
Mageia | 4 | noarch | otrs | < 3.2.14-1 | otrs-3.2.14-1.mga4 |