CVE-2024-43446

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-269
View all →

Vulnerability Description

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

Related Vulnerabilities

CVE-2012-2148

LOW
CVSS:3.3(Low)

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies

CWE-2692012

CVE-2017-5084

LOW
CVSS:3.3(Low)

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.

CWE-2692017

CVE-2019-15332

LOW
CVSS:3.3(Low)

The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave ap...

CWE-2692019

CVE-2020-16126

LOW
CVSS:3.3(Low)

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to Account...

CWE-2692020

CVE-2020-4603

LOW
CVSS:3.3(Low)

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weak...

CWE-2692020

CVE-2021-25336

LOW
CVSS:3.3(Low)

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malic...

CWE-2692021