CVE-2024-23792

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 29, 2024
Updated: Feb 2, 2024
CWE ID 287

Summary

The CVE-2024-23792 vulnerability affects the OTRS ticketing system versions 7.0.X through 7.0.48, 8.0.X through 8.0.37, and 2023.X through 2023.1.1. It allows a logged-in user to impersonate another user by adding attachments to their comments using the UUID. While the legitimate user is completing the comment, the malicious user can add additional files to it. The risk score for this vulnerability is 25 out of 100, with a base severity rating of MEDIUM. The exploitability score is 1.6 out of 10, indicating a relatively low level of difficulty for exploitation. The impact score is 3.6 out of 10, highlighting a high integrity impact but no confidentiality impact or availability impact on the affected organization's systems and data. To remediate this vulnerability, organizations should update their OTRS installations to versions that have addressed the issue provided by [email protected]. Note: This report is based solely on information provided and does not take into account additional context or analysis beyond what is presented in the given text.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23792 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options