CVE-2024-43446

Summary

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions.

This issue affects:

  • OTRS 7.0.X

  • OTRS 8.0.X

  • OTRS 2023.X

  • OTRS 2024.X

  • ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.xaffected
OTRS AGOTRS8.0.xaffected
OTRS AGOTRS2023.xaffected
OTRS AGOTRS2024.xaffected
OTRS AGOTRS2025.x < 2025.1.xaffected
OTRS AG((OTRS)) Community Edition6.0.x <= 6.0.34affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References