VYPR
Unrated severityNVD Advisory· Published Jul 15, 2024· Updated Aug 1, 2024

Information exlosure in external interface

CVE-2024-6540

Description

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OTRS/Otrsllm-fuzzy2 versions
    8.0.X, 2023.X, 2024.X through 2024.4.x+ 1 more
    • (no CPE)range: 8.0.X, 2023.X, 2024.X through 2024.4.x
    • (no CPE)range: 8.0.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.