CVE-2022-4427

MEDIUM

OTRS 6.0.1-6.0.34, 7.0.1-7.0.40, 8.0.1-8.0.28 - SQL Injection via TicketSearch Webservice

Title source: llm

Description

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

References (2)

Core 2

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

Release Notes, Vendor Advisory

https://otrs.com/release-notes/otrs-security-advisory-2022-15/

Scores

CVSS v3 6.5

EPSS 0.0072

EPSS Percentile 49.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20 CWE-89

Status published

Products (4)

otrs/otrs 7.0.40

otrs/otrs 8.0.28

otrs/otrs 6.0.1 - 6.0.34

otrs/otrs 7.0.1 - 7.0.40

Published Dec 19, 2022

Tracked Since Feb 18, 2026