CVE-2013-4717 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-4717 Interim 1 10 2023-12-08T02:35:46Z current 2021-05-30T13:14:50Z 2023-12-08T02:35:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-4717 Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed otrs-3.3.16-37.1 otrs-doc-3.3.16-37.1 otrs-itsm-3.3.14-37.1 otrs-3.3.16-37.1 as a component of openSUSE Tumbleweed otrs-doc-3.3.16-37.1 as a component of openSUSE Tumbleweed otrs-itsm-3.3.14-37.1 as a component of openSUSE Tumbleweed Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. CVE-2013-4717 openSUSE Tumbleweed:otrs-3.3.16-37.1 openSUSE Tumbleweed:otrs-doc-3.3.16-37.1 openSUSE Tumbleweed:otrs-itsm-3.3.14-37.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H