{"id":"CVE-2022-4427","details":"Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice\nThis issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.","modified":"2026-03-14T11:55:17.938273Z","published":"2022-12-19T09:15:09.707Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"},{"type":"ADVISORY","url":"https://otrs.com/release-notes/otrs-security-advisory-2022-15/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"6.0.1"},{"last_affected":"6.0.34"}]},{"events":[{"introduced":"7.0.1"},{"fixed":"7.0.40"}]},{"events":[{"introduced":"8.0.1"},{"fixed":"8.0.28"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0.40-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.28-NA"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4427.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}