修复版本
7.0.32
CVE-2022-0473 describes a cross-site scripting (XSS) vulnerability in OTRS versions 7.0.0 through 7.0.31. This vulnerability allows an attacker to inject malicious JavaScript code into the error message of a regular expression check within dynamic fields. Exploitation requires administrator privileges and can lead to code execution within the administrator's browser session. A patch is available to resolve this issue.
Successful exploitation of CVE-2022-0473 could allow an attacker to execute arbitrary JavaScript code in the context of an OTRS administrator's browser. This could lead to session hijacking, credential theft, or defacement of the OTRS interface. The attacker could potentially gain access to sensitive data stored within OTRS, including customer information, support tickets, and internal communications. While the CVSS score is LOW, the potential for administrator account compromise makes this a significant risk, particularly in environments where OTRS is used to manage critical business processes.
CVE-2022-0473 was publicly disclosed on February 7, 2022. No public proof-of-concept (PoC) code has been widely reported. The vulnerability's LOW severity rating and lack of public exploits suggest a low probability of active exploitation at this time. It is not listed on the CISA KEV catalog.
Organizations using OTRS for customer support or IT service management are at risk, particularly those relying on OTRS administrators with broad privileges. Environments with custom dynamic field configurations or legacy OTRS installations are especially vulnerable.
• otrs: Examine OTRS dynamic field configurations for suspicious regular expressions or unusual characters.
# Example: Search for potentially malicious code in dynamic field definitions
grep -r 'alert\(' /opt/otrs/ -print0 | xargs -0 grep -i 'script'• generic web: Monitor OTRS access logs for unusual requests containing JavaScript code in dynamic field parameters.
# Example: Search for JavaScript code in OTRS access logs
grep -i 'alert(' /var/log/apache2/access.logdisclosure
漏洞利用状态
EPSS
0.36% (58% 百分位)
CVSS 向量
The primary mitigation for CVE-2022-0473 is to upgrade to a patched version of OTRS. Consult the official OTRS advisory for the specific version containing the fix. As a temporary workaround, administrators should carefully review and validate all dynamic field configurations, paying close attention to regular expression checks. Implement strict input validation and sanitization on all user-supplied data used in dynamic fields. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious payloads.
Actualice OTRS a una versión posterior a la 7.0.31. Esto solucionará la vulnerabilidad XSS en los mensajes de error de los campos dinámicos.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2022-0473 is a cross-site scripting (XSS) vulnerability in OTRS versions 7.0.0–7.0.31 that allows attackers to inject malicious JavaScript code.
You are affected if you are running OTRS versions 7.0.0 through 7.0.31 and have not upgraded to a patched version.
Upgrade to a patched version of OTRS. Consult the official OTRS advisory for the specific version containing the fix.
There are no widespread reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the official OTRS security advisory for details: [https://otrs.com/security-advisories/otrs-security-advisory-2022-0473/](https://otrs.com/security-advisories/otrs-security-advisory-2022-0473/)