CVE-2024-43445

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 27, 2025
CWE ID 20

Summary

CVE-2024-43445 is a vulnerability affecting various versions of OTRS and OTRS Community Edition. The issue arises from the failure to set the HTTP response header X-Content-Type-Options to nosniff. An attacker can exploit this flaw to upload or insert content that is treated as a different MIME type than intended. This vulnerability poses a risk to OTRS 7.0.X, 8.0.X, 2023.X, and 2024.X, as well as OTRS Community Edition 6.0.x. Products based on the OTRS Community Edition are also likely to be impacted.
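A defender-side check for the condition described in the summary, as an added example that is not from the advisory or from OTRS: it audits a raw HTTP response for an effective X-Content-Type-Options: nosniff header. The sample responses are constructed, and the function names are hypothetical.

```python
def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_nosniff(raw: bytes) -> list[str]:
    """List reasons the response leaves MIME sniffing enabled (empty = OK)."""
    xcto = [v for n, v in parse_headers(raw) if n == "x-content-type-options"]
    if not xcto:
        return ["X-Content-Type-Options missing"]
    # Repeated headers combine into one comma-separated list, and browsers
    # compare only the first token, case-insensitively, against "nosniff".
    first = ",".join(xcto).split(",")[0].strip().lower()
    if first != "nosniff":
        return [f"X-Content-Type-Options is '{first}', not 'nosniff'"]
    return []


# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "missing": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello",
    "hardened": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                b"X-Content-Type-Options: NoSniff\r\n\r\nhello",
    "typo": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
            b"X-Content-Type-Options: no-sniff\r\n\r\nhello",
    "repeated": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                b"X-Content-Type-Options: foo\r\n"
                b"X-Content-Type-Options: nosniff\r\n\r\nhello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_nosniff(raw) or "ok")
```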
