CVE-2022-4427

{"id": "CVE-2022-4427", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@otrs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-19T09:15:09.707", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "source": "security@otrs.com"}, {"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@otrs.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "security@otrs.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice\nThis issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition permite la inyecci\u00f3n de SQL a trav\u00e9s de TicketSearch Webservice. Este problema afecta a OTRS: desde 7.0.1 antes de 7.0.40 parche 1, desde 8.0.1 antes de 8.0.28 parche 1 ; ((OTRS)) Community Edition: desde 6.0.1 hasta 6.0.34.\n "}], "lastModified": "2023-08-31T03:15:13.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2", "versionEndIncluding": "6.0.34", "versionStartIncluding": "6.0.1"}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF2A3E3C-3DDF-4242-B173-1EDBFD99D7AC", "versionEndExcluding": "7.0.40", "versionStartIncluding": "7.0.1"}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4430231E-14C4-4C7F-8CA7-F8E36B639ADB", "versionEndExcluding": "8.0.28", "versionStartIncluding": "8.0.1"}, {"criteria": "cpe:2.3:a:otrs:otrs:7.0.40:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "222528AA-E7BC-4FFC-A420-83798C8E9B7E"}, {"criteria": "cpe:2.3:a:otrs:otrs:8.0.28:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3169243C-9150-4E99-8E36-F6EB34D5EDE7"}], "operator": "OR"}]}], "sourceIdentifier": "security@otrs.com"}