VDB

GCVE-VVD-MAGEIA-2014-94

GCVE-VVD-MAGEIA-2014-94
Advisory Published
Vulnetix · Advisory published April 4, 2014
Updated otrs package fixes security vulnerabilities: In OTRS before 3.2.14, an attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks (CVE-2014-1694). In OTRS before 3.2.14, an attacker with a valid customer or agent login could inject SQL in the ticket search URL (CVE-2014-1471). The update also adds a missing dependency which prevented database creation during web based installation.

Affected Products

VendorProductVersionsPlatforms
Mageiaassaultcube0 (affected), 1.2.0.2-1.mga4 (unaffected)
Mageiaotrs0 (affected), 3.2.14-1.mga3 (unaffected), 0 (affected), 3.2.14-1.mga3 (unaffected)
Mageiaotrs0 (affected), 3.2.14-1.mga4 (unaffected), 0 (affected), 3.2.14-1.mga4 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›