CVE-2024-43446

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://otrs.com/release-notes/otrs-security-advisory-2025-02/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de administración de privilegios incorrecta en el módulo de interfaz genérica de OTRS permite cambiar el estado del ticket incluso si el usuario solo tiene permisos ro. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Es muy probable que los productos basados ??en ((OTRS)) Community Edition también se vean afectados

27 Jan 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 06:15

Updated : 2026-06-17 07:51

NVD link : CVE-2024-43446

Mitre link : CVE-2024-43446

CVE.ORG link : CVE-2024-43446

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-43446", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-43446", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T13:36:20.253690Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security@otrs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "affected": [{"source": "security@otrs.com", "affectedData": [{"vendor": "OTRS AG", "modules": ["Generic Interface"], "product": "OTRS", "versions": [{"status": "affected", "version": "7.0.x"}, {"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "2023.x"}, {"status": "affected", "version": "2024.x"}, {"status": "affected", "version": "2025.x", "lessThan": "2025.1.x", "versionType": "Patch"}], "defaultStatus": "affected"}, {"vendor": "OTRS AG", "product": "((OTRS)) Community Edition", "versions": [{"status": "affected", "version": "6.0.x", "versionType": "All", "lessThanOrEqual": "6.0.34"}], "defaultStatus": "affected"}]}], "published": "2025-01-27T06:15:24.033", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-02/", "source": "security@otrs.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@otrs.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"}, {"lang": "es", "value": "Una vulnerabilidad de administraci\u00f3n de privilegios incorrecta en el m\u00f3dulo de interfaz gen\u00e9rica de OTRS permite cambiar el estado del ticket incluso si el usuario solo tiene permisos ro. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Es muy probable que los productos basados ??en ((OTRS)) Community Edition tambi\u00e9n se vean afectados"}], "lastModified": "2026-06-17T07:51:03.657", "sourceIdentifier": "security@otrs.com"}