VDB
CVE-2022-4427
CVE-2022-4427
PUBLISHED
Es existiert eine Schwachstelle in OTRS. Eine unzulässige Eingabevalidierung ermöglicht SQL Injection über den TicketSearch Webservice. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
EPSS 0.47% · 64.7th percentile
Risk Scores
EPSS Score
0.47%
64.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| OTRS | OTRS OTRS Community Edition <= 6.0.34 |
Timeline
- Dec 18, 2022 CVE Published
- Dec 20, 2022 EPSS Score
- Jan 31, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Aug 26, 2023 EPSS Score
- Aug 30, 2023 CVE Updated
- Oct 7, 2023 EPSS Score
- Nov 17, 2023 EPSS Score
- Dec 29, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2362.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2362 advisory
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-4427 advisory
- https://otrs.com/release-notes/otrs-security-advisory-2022-15/ advisory