CVE-2024-43445
MEDIUM EPSS 13.0%
Published Jan 27, 20251y ago · Modified Jun 17, 20261w ago
5.4 CVSS 3.1
Published Jan 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
13.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
References 1
- otrs.com https://otrs.com/release-notes/otrs-security-advisory-2025-01/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.