Summary
This host is installed with OTRS (Open Ticket Request System) or OTRS:ITSM and is prone to multiple input validation vulnerability.
Impact
Successful exploitation will allow remote attackers to gain access steal the victim's cookie-based authentication credentials or execute SQL query.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 3.0.22, 3.1.18, 3.2.9 or later, and OTRS::ITSM version 3.0.9, 3.1.10, 3.2.7 For updates refer to http://www.otrs.com/en/ or Apply patch from the vendor advisory link http://otrs.org/advisory/OSA-2013-05-en/
Insight
An error exists in AgentITSMConfigItemSearch which does not sanitize user-supplied input properly
Affected
OTRS (Open Ticket Request System) version 3.0.x up to and including 3.0.21, 3.1.x up to and including 3.1.17 and 3.2.x up to and including 3.2.8 OTRS::ITSM 3.0.x up to and including 3.0.8, 3.1.x up to and including 3.1.9 and 3.2.x up to and including 3.2.6
Detection
Get the installed version and location of OTRS with the help of detect NVT and check the OTRS and OTRS:ITSM version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-4717, CVE-2013-4718 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P
Related Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability