CVE-2024-43445

A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://otrs.com/release-notes/otrs-security-advisory-2025-01/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en OTRS y ((OTRS Community Edition)) que no configura el encabezado de respuesta HTTP X-Content-Type-Options como nosniff. Un atacante podría aprovechar esta vulnerabilidad al cargar o insertar contenido que se trataría como un tipo MIME diferente al previsto. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Los productos basados ??en ((OTRS)) Community Edition también son muy propensos a verse afectados

27 Jan 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 06:15

Updated : 2026-06-17 07:51

NVD link : CVE-2024-43445

Mitre link : CVE-2024-43445

CVE.ORG link : CVE-2024-43445

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-43445", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-43445", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T13:36:30.418831Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security@otrs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "affected": [{"source": "security@otrs.com", "affectedData": [{"vendor": "OTRS AG", "product": "OTRS", "versions": [{"status": "affected", "version": "7.0.x"}, {"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "2023.x"}, {"status": "affected", "version": "2024.x"}, {"status": "affected", "version": "2025.x", "lessThan": "2025.1.x", "versionType": "Patch"}], "defaultStatus": "affected"}, {"vendor": "OTRS AG", "product": "((OTRS)) Community Edition", "versions": [{"status": "affected", "version": "6.0.x", "versionType": "All", "lessThanOrEqual": "6.0.34"}], "defaultStatus": "unaffected"}]}], "published": "2025-01-27T06:15:23.743", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-01/", "source": "security@otrs.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@otrs.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"}, {"lang": "es", "value": "Existe una vulnerabilidad en OTRS y ((OTRS Community Edition)) que no configura el encabezado de respuesta HTTP X-Content-Type-Options como nosniff. Un atacante podr\u00eda aprovechar esta vulnerabilidad al cargar o insertar contenido que se tratar\u00eda como un tipo MIME diferente al previsto. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Los productos basados ??en ((OTRS)) Community Edition tambi\u00e9n son muy propensos a verse afectados"}], "lastModified": "2026-06-17T07:51:03.553", "sourceIdentifier": "security@otrs.com"}