Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
References
Link | Resource |
---|---|
https://otrs.com/release-notes/otrs-security-advisory-2024-07/ | Vendor Advisory |
https://otrs.com/release-notes/otrs-security-advisory-2024-07/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
References | () https://otrs.com/release-notes/otrs-security-advisory-2024-07/ - Vendor Advisory |
16 Jul 2024, 18:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://otrs.com/release-notes/otrs-security-advisory-2024-07/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:* | |
First Time |
Otrs otrs
Otrs |
|
CWE | NVD-CWE-noinfo |
15 Jul 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x |
15 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-15 08:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6540
Mitre link : CVE-2024-6540
CVE.ORG link : CVE-2024-6540
JSON object : View
Products Affected
otrs
- otrs
CWE