Summary
This host is installed with OTRS (Open Ticket Request System) or OTRS:ITSM and is prone to multiple input validation vulnerability.
Impact
Successful exploitation will allow remote attackers to gain access steal the victim's cookie-based authentication credentials or execute SQL query.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 3.0.22, 3.1.18, 3.2.9 or later, and OTRS::ITSM version 3.0.9, 3.1.10, 3.2.7 For updates refer to http://www.otrs.com/en/ or Apply patch from the vendor advisory link http://otrs.org/advisory/OSA-2013-05-en/
Insight
An error exists in AgentITSMConfigItemSearch which does not sanitize user-supplied input properly
Affected
OTRS (Open Ticket Request System) version 3.0.x up to and including 3.0.21, 3.1.x up to and including 3.1.17 and 3.2.x up to and including 3.2.8 OTRS::ITSM 3.0.x up to and including 3.0.8, 3.1.x up to and including 3.1.9 and 3.2.x up to and including 3.2.6
Detection
Get the installed version and location of OTRS with the help of detect NVT and check the OTRS and OTRS:ITSM version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-4717, CVE-2013-4718 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P
Related Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Apache Archiva Multiple Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability