Vulnerability Database

317,577

Total vulnerabilities in the database

CVE-2024-6540

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x

Published: Jul 15, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-6540
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.7
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWEs:

CWE-790

Affected Software
References

Software	From	Fixed in
otrs / otrs	8.0.0	2024.5.2

https://otrs.com/release-notes/otrs-security-advisory-2024-07/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo