CVE-2024-43445

Summary

A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended.

This issue affects:

  • OTRS 7.0.X

  • OTRS 8.0.X

  • OTRS 2023.X

  • OTRS 2024.X

  • ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.xaffected
OTRS AGOTRS8.0.xaffected
OTRS AGOTRS2023.xaffected
OTRS AGOTRS2024.xaffected
OTRS AGOTRS2025.x < 2025.1.xaffected
OTRS AG((OTRS)) Community Edition6.0.x <= 6.0.34affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References