MEDIUMβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-24387

CVSS 4.8v3.1pub. 2025-03-10upd. 2025-03-24

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. Β  This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
  • Otrs

    APP
    Otrs
    7.0.0 – 2025.1.2
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-48188CRITICAL9.1PL βœ“ten sam produkt

OTRS / Community Edition: SQL injection z pominiΔ™ciem uwierzytelnienia

CVE-2026-48209HIGH7.1ten sam produkt

An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling al...

CVE-2023-6254HIGH8.1ten sam produkt

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which ...

CVE-2023-5422HIGH8.7ten sam produkt

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL o...

CVE-2023-38056HIGH7.2ten sam produkt

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTas...

CVE-2025-24387 β€” Otrs β€” MEDIUM β€” CVSS 4.8 | CVEbaza.pl