Improper Filtering of Special Elements

CVE-2024-6540

Medium

5.7/10

Summary

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-790 - Improper Filtering of Special Elements

The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

References

Advisory Timeline

Published Jul 15, 2024

Improper Filtering of Special Elements

CVE-2024-6540

Summary

CWE-790 - Improper Filtering of Special Elements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS