CVE-2024-43446 — LOW (3.5) — White Hats Nepal

Vulnerability Description

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-269

References

https://otrs.com/release-notes/otrs-security-advisory-2025-02/

FAQ

What is CVE-2024-43446?

CVE-2024-43446 is a vulnerability with a CVSS score of 3.5 (LOW). An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X ...

How severe is CVE-2024-43446?

CVE-2024-43446 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-43446?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.