CVE-2010-0438 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-0438 Interim 1 5 2023-12-09T01:59:28Z current 2021-05-30T12:50:25Z 2023-12-09T01:59:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-0438 Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IE7I5U4VU7ZSJNN3DHYMM3JYGTV67J6/#4IE7I5U4VU7ZSJNN3DHYMM3JYGTV67J6 E-Mail link for SUSE-SR:2010:014 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. CVE-2010-0438 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P