CVE-2014-1471
otrs2 - several
EPSS 1.6%
Description
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
How to fix CVE-2014-1471
To remediate CVE-2014-1471, upgrade the affected package to one of the fixed versions listed below.
- Debian/otrs2—upgrade to 3.3.4-1 or later
- Debian/otrs2—upgrade to 2.4.9+dfsg1-3+squeeze5 or later
Is CVE-2014-1471 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/otrs2: from 0, < 3.3.4-1
- Debian/otrs2: from 0, < 2.4.9+dfsg1-3+squeeze5