Bug 563486 (CVE-2010-0438, OSA-2010-01) - CVE-2010-0438 OTRS: Multiple SQL injection flaws in OTRS-Core (OSA-2010-01)
Summary: CVE-2010-0438 OTRS: Multiple SQL injection flaws in OTRS-Core (OSA-2010-01)
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2010-0438, OSA-2010-01
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://otrs.org/advisory/OSA-2010-01-en/
Whiteboard:
Depends On: 635847
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-02-10 11:54 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-01-29 17:53:38 UTC
Embargoed:

Attachments (Terms of Use)

Description Jan Lieskovsky 2010-02-10 11:54:15 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0438 to
the following vulnerability:

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in
OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9,
2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow
remote authenticated users to execute arbitrary SQL commands via
unspecified vectors.

References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0438
  http://otrs.org/advisory/OSA-2010-01-en/
  http://otrs.org/releases/2.4.7/
  http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log
  http://www.otrs.org/news/2010/otrs_2-4-7/
  http://www.securityfocus.com/bid/38146
  http://www.osvdb.org/62181
  http://secunia.com/advisories/38507
Comment 1 Jan Lieskovsky 2010-02-10 11:55:37 UTC 
This issue affects the version of the otrs package, as shipped
within EPEL-5 project.

Please fix / rebase.
Comment 2 Vincent Danen 2014-01-29 17:53:38 UTC 
OTRS has been removed from EPEL5, so this flaw no longer affects anything currently shipped.
Note You need to log in before you can comment on or make changes to this bug.