CVSS 3.1 Score 3.5 of 10 (low)


Published Jan 29, 2024
Updated: Feb 2, 2024
CWE ID 354


CVE-2024-23790 is an Improper Input Validation vulnerability affecting OTRS versions 7.0.X through 7.0.48, 8.0.X through 8.0.37, and 2023 through 2023.1.1. The vulnerability is categorized as LOW severity with a base score of 3.5 and a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N. It allows functionality misuse due to the missing check of filetypes in the upload functionality for user avatars. The vulnerability can be exploited over a network and requires low privileges and user interaction to carry out an attack. It poses a potential danger to organizations as it could lead to the compromise of confidentiality with a low impact on integrity, but no impact on availability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23790 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options