CVE-2024-6540Improper Filtering of Special Elements in Otrs

CWE-790Improper Filtering of Special Elements3 documents3 sources
Severity
5.3MEDIUMNVD
CNA5.7
EPSS
0.5%
top 35.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OtrsOtrs AG Otrs
Timeline
PublishedJul 15

Description

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDotrs/otrs8.0.02024.5.2
CVEListV5otrs_ag/otrs2024.x2024.4.x+2

🔴Vulnerability Details

2
CVEList
Information exlosure in external interface2024-07-15
GHSA
GHSA-4h57-3gmx-g682: Improper filtering of fields when using the export function in the ticket overview of the external interface could allow an authorized user to downloa2024-07-15
CVE-2024-6540 — Improper Filtering of Special Elements | cvebase