ID de Prueba:	1.3.6.1.4.1.25623.1.0.804236
Categoría:	Web application abuses
Título:	OTRS Multiple Vulnerabilities (OSA-2014-01, OSA-2014-02)
Resumen:	OTRS (Open Ticket Request System) is prone to multiple; vulnerabilities.
Descripción:	Summary: OTRS (Open Ticket Request System) is prone to multiple vulnerabilities. Vulnerability Insight: - Flaw is in State.pm script, which fail to sufficiently sanitize user supplied data - Multiple scripts in Kernel/Modules/ fails to perform certain actions via HTTP requests without performing any validity checks to verify the requests Vulnerability Impact: Successful exploitation will allow attackers to manipulate SQL queries by injecting arbitrary SQL code or perform unauthorized actions in the context of a logged-in user. Affected Software/OS: OTRS versions 3.1.x prior to 3.1.19, 3.2.x prior to 3.2.14 and 3.3.x prior to 3.3.4. Solution: Update to version 3.1.19, 3.2.14, 3.3.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1471 BugTraq ID: 65241 http://www.securityfocus.com/bid/65241 Debian Security Information: DSA-2867 (Google Search) http://www.debian.org/security/2014/dsa-2867 http://www.openwall.com/lists/oss-security/2014/01/29/15 http://osvdb.org/102661 http://secunia.com/advisories/56644 http://secunia.com/advisories/56655 Common Vulnerability Exposure (CVE) ID: CVE-2014-1694 http://www.openwall.com/lists/oss-security/2014/01/29/7 http://osvdb.org/102632
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.