CVE-2024-6540
Last modified
CVE-2024-6540 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x . EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Otrs | Otrs | >= 8.0.0, < 2024.5.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-6540?
How severe is CVE-2024-6540?
How do I fix CVE-2024-6540?
Are you affected by CVE-2024-6540?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST