Input validation error in openSUSE and OTRS - CVE-2014-2554
Published: April 23, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41758
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-2554
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SUSE
otrs.org
Affected software:
openSUSE
OTRS
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to manipulate data.
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
How to mitigate CVE-2014-2554
Install the update from the vendor's website.