CVE-2024-6540

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-790
View all →

Vulnerability Description

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x

Related Vulnerabilities

CVE-2024-43442

MEDIUM
CVSS:4.9(Medium)

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (X...

CWE-7902024

CVE-2024-43443

MEDIUM
CVSS:4.9(Medium)

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XS...

CWE-7902024

CVE-2025-0431

MEDIUM
CVSS:5.8(Medium)

Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's em...

CWE-7902025

CVE-2024-47984

MEDIUM
CVSS:6.5(Medium)

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functio...

CWE-7902024

CVE-2023-22578

CRITICAL
CVSS:9.8(Critical)

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

CWE-7902023

CVE-2023-45239

CRITICAL
CVSS:9.8(Critical)

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent ...

CWE-7902023