Candidate: CVE-2014-1471
PublicDate: 2014-02-04 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1471
 https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
 http://www.openwall.com/lists/oss-security/2014/01/29
Description:
 SQL injection vulnerability in the StateGetStatesByType function in
 Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before
 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers
 to execute arbitrary SQL commands via vectors related to a ticket search
 URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_otrs2:
upstream_otrs2: released (3.3.4-1)
lucid_otrs2: ignored (reached end-of-life)
precise_otrs2: ignored (reached end-of-life)
precise/esm_otrs2: DNE (precise was needed)
quantal_otrs2: ignored (reached end-of-life)
saucy_otrs2: ignored (reached end-of-life)
trusty_otrs2: not-affected (3.3.5-1)
trusty/esm_otrs2: DNE (trusty was not-affected [3.3.5-1])
utopic_otrs2: not-affected (3.3.5-1)
vivid_otrs2: not-affected (3.3.5-1)
vivid/stable-phone-overlay_otrs2: DNE
vivid/ubuntu-core_otrs2: DNE
wily_otrs2: not-affected (3.3.5-1)
xenial_otrs2: not-affected (3.3.5-1)
yakkety_otrs2: not-affected (3.3.5-1)
zesty_otrs2: not-affected (3.3.5-1)
devel_otrs2: not-affected (3.3.5-1)