DSA-2867-1 otrs2 -- severalID: oval:org.secpod.oval:def:601220 | Date: (C)2014-02-24 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in otrs2, the Open Ticket Request System. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-1471 Norihiro Tanaka reported missing challenge token checks. An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to these missing checks. CVE-2014-1694 Karsten Nielsen from Vasgard GmbH discovered that an attacker with a valid customer or agent login could inject SQL code through the ticket search URL.
Platform: |
Debian 7.0 |
Debian 6.0 |