CVE-2024-43446

🗓️ 27 Jan 2025 05:58:29Reported by OTRSType

Improper privilege management vulnerability allows unauthorized ticket status changes in OTRS.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-43446	27 Jan 202506:16	–	circl
CNNVD	OTRS 安全漏洞	27 Jan 202500:00	–	cnnvd
Cvelist	CVE-2024-43446 Improper check of permissions in Generic Interface	27 Jan 202505:58	–	cvelist
EUVD	EUVD-2024-40288	3 Oct 202520:07	–	euvd
NVD	CVE-2024-43446	27 Jan 202506:15	–	nvd
Positive Technologies	PT-2025-2648 · Otrs · Otrs	27 Jan 202500:00	–	ptsecurity
SUSE CVE	SUSE CVE-2024-43446	28 Jan 202500:23	–	susecve
Vulnrichment	CVE-2024-43446 Improper check of permissions in Generic Interface	27 Jan 202505:58	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Generic Interface"
    ],
    "product": "OTRS",
    "vendor": "OTRS AG",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.x"
      },
      {
        "status": "affected",
        "version": "8.0.x"
      },
      {
        "status": "affected",
        "version": "2023.x"
      },
      {
        "status": "affected",
        "version": "2024.x"
      },
      {
        "lessThan": "2025.1.x",
        "status": "affected",
        "version": "2025.x",
        "versionType": "Patch"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "((OTRS)) Community Edition",
    "vendor": "OTRS AG",
    "versions": [
      {
        "lessThanOrEqual": "6.0.34",
        "status": "affected",
        "version": "6.0.x",
        "versionType": "All"
      }
    ]
  }
]

Source	Link
otrs	www.otrs.com/release-notes/otrs-security-advisory-2025-02/

15 Apr 2026 00:35Current

4Medium risk

Vulners AI Score4

CVSS 3.13.5

EPSS0.00066

SSVC

CWE-269