Lucene search

Ubuntu.comUB:CVE-2016-5843

HistorySep 17, 2016 - 12:00 a.m.

CVE-2016-5843

2016-09-1700:00:00

ubuntu.com

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:C/I:P/A:P

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

0.003 Low

EPSS

Percentile

68.1%

JSON

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6,
4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS)
allow remote attackers to execute arbitrary SQL commands via crafted search
parameters.

Notes

Author	Note
ratliff	FAQ is a separate module

References

github.com/OTRS/FAQ/commit/3700f75c67f6ed1d39bc213445c6d12a458e1af9

github.com/OTRS/FAQ/commit/8c9d63bd0297adda760330805c31afc130861557

github.com/OTRS/FAQ/commit/b805703e7b7725d1f3040bb626a4c4dd845ee9e3

launchpad.net/bugs/cve/CVE-2016-5843

nvd.nist.gov/vuln/detail/CVE-2016-5843

security-tracker.debian.org/tracker/CVE-2016-5843

www.cve.org/CVERecord?id=CVE-2016-5843

www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:C/I:P/A:P

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for UB:CVE-2016-5843