diff --git a/2024/12xxx/CVE-2024-12280.json b/2024/12xxx/CVE-2024-12280.json
index a2e15c23f0f..fe2e47997ba 100644
--- a/2024/12xxx/CVE-2024-12280.json
+++ b/2024/12xxx/CVE-2024-12280.json
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12280", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Customer Area", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "8.2.4" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/2b32c0b8-28bb-4220-800b-4c369bca91c5/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/2b32c0b8-28bb-4220-800b-4c369bca91c5/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krugov Artyom" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
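Review bot: In the CVE-2024-12280 record's `x_cve_json_5_version_data` block, `"defaultStatus": "affected"` sits next to a range capped at `"lessThanOrEqual": "8.2.4"`, so nothing in the record marks any release as unaffected, and a consumer matching on it will keep flagging installs newer than 8.2.4. If a fixed release exists, the record should say so (for example `"defaultStatus": "unaffected"` with the bounded range kept); if none exists yet, the description should state that no fix is known. The description also drops a noun in "make a logged in to delete them" (presumably `make a logged in user delete them`) and does not say which role the victim needs. The same `defaultStatus`/range pairing appears in the CVE-2024-12321 and CVE-2024-12436 hunks.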
diff --git a/2024/12xxx/CVE-2024-12321.json b/2024/12xxx/CVE-2024-12321.json
index 470a7f7918d..fe5db1441fa 100644
--- a/2024/12xxx/CVE-2024-12321.json
+++ b/2024/12xxx/CVE-2024-12321.json
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12321", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WC Affiliate", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "2.3.9" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hassan Khan Yusufzai - Splint3r7" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
diff --git a/2024/12xxx/CVE-2024-12436.json b/2024/12xxx/CVE-2024-12436.json
index 25c06f4a881..bec3dde2a66 100644
--- a/2024/12xxx/CVE-2024-12436.json
+++ b/2024/12xxx/CVE-2024-12436.json
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12436", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Customer Area", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "8.2.4" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/3345a403-f62c-40c1-b7ae-bc947591e02a/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/3345a403-f62c-40c1-b7ae-bc947591e02a/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob Matyas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
diff --git a/2024/43xxx/CVE-2024-43445.json b/2024/43xxx/CVE-2024-43445.json
index 5cf8238f1bf..23d35adfd44 100644
--- a/2024/43xxx/CVE-2024-43445.json
+++ b/2024/43xxx/CVE-2024-43445.json
@@ -1,17 +1,149 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@otrs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OTRS AG", + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "7.0.x" + }, + { + "status": "affected", + "version": "8.0.x" + }, + { + "status": "affected", + "version": "2023.x" + }, + { + "status": "affected", + "version": "2024.x" + }, + { + "lessThan": "2025.1.x", + "status": "affected", + "version": "2025.x", + "versionType": "Patch" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "((OTRS)) Community Edition", + "version": { + "version_data": 
[ + { + "version_affected": "<=", + "version_name": "6.0.x", + "version_value": "6.0.34" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-01/", + "refsource": "MISC", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2025-01/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "OSA-2025-01", + "defect": [ + "Issue#1708", + "Ticket#2024110542002023" + ], + "discovery": "USER" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches
" + } + ], + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches" + } + ], + "credits": [ + { + "lang": "en", + "value": "Special thanks to Alissa Kim for reporting this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43446.json b/2024/43xxx/CVE-2024-43446.json index c9e0fd3541b..d97626a26bc 100644 --- a/2024/43xxx/CVE-2024-43446.json +++ b/2024/43xxx/CVE-2024-43446.json 
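Review bot: In the CVE-2024-43445 record, the `versions` list for product OTRS does not match the description: the text stops at OTRS 2024.X, while the list adds `"version": "2025.x"` with `"lessThan": "2025.1.x"` and `"versionType": "Patch"`, a range with wildcards on both ends that a consumer cannot order. Either the description should mention 2025.x builds before 2025.1 or the entry should be dropped; the CVE-2024-43446 hunk carries the same entry. `CWE-20 Improper Input Validation` is also a loose fit for a missing `X-Content-Type-Options: nosniff` response header; a protection-mechanism class such as CWE-693 looks closer. Since `solution` says OTRS 7 gets no patch, a `work_around` entry would help operators who cannot upgrade: the header can usually be added at the fronting web server or reverse proxy, though the record should confirm that this is sufficient.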
@@ -1,17 +1,152 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43446", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@otrs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OTRS AG", + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "7.0.x" + }, + { + "status": "affected", + "version": "8.0.x" + }, + { + "status": "affected", + "version": "2023.x" + }, + { + "status": "affected", + "version": "2024.x" + }, + { + "lessThan": "2025.1.x", + "status": "affected", + "version": "2025.x", + "versionType": "Patch" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "((OTRS)) Community Edition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + 
"lessThanOrEqual": "6.0.34", + "status": "affected", + "version": "6.0.x", + "versionType": "All" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-02/", + "refsource": "MISC", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2025-02/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "OSA-2025-02", + "defect": [ + "Issue#3124", + "Ticket#2024081942000891" + ], + "discovery": "USER" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches
" + } + ], + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24389.json b/2025/24xxx/CVE-2025-24389.json index 7c62cf55885..63960f8381b 100644 --- a/2025/24xxx/CVE-2025-24389.json +++ b/2025/24xxx/CVE-2025-24389.json 
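Review bot: In the CVE-2024-43446 record, `"userInteraction": "REQUIRED"` in the `impact.cvss` entry is not explained by the description, which, as far as the text goes, describes a user with ro permissions changing ticket status through the Generic Interface directly. Either the description should name the interaction that a second party has to perform, or the vector should read `UI:N`, which by my calculation would move the base score from 3.5 to 4.3. The phrase "ro permissions" would also read more clearly as `read-only (ro) permissions`.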
@@ -1,17 +1,163 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@otrs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OTRS AG", + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "7.0.x" + }, + { + "status": "affected", + "version": "8.0.x" + }, + { + "status": "affected", + "version": "2023.x" + }, + { + "status": "affected", + "version": "2024.x" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "((OTRS)) Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.x", + "version_value": "6.0.34" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://otrs.com/release-notes/otrs-security-advisory-2025-03/", + "refsource": "MISC", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2025-03/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "OSA-2025-03", + "defect": [ + "Issue#3185", + "Ticket#2024112142001941" + ], + "discovery": "USER" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "OTRS needs to be configured to use SMTP modules instead of sendmail" + } + ], + "value": "OTRS needs to be configured to use SMTP modules instead of sendmail" + } + ], + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Use a local MTA for sending instead of SMTP configuration within OTRS" + } + ], + "value": "Use a local MTA for sending instead of SMTP configuration within OTRS" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "
Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches.
Optional: Use MTA based sending on the OTRS instance e.g. postfix
" + } + ], + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches. \n\nOptional: Use MTA based sending on the OTRS instance e.g. postfix" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24390.json b/2025/24xxx/CVE-2025-24390.json index 2194f016b67..bc3bd5cb345 100644 --- a/2025/24xxx/CVE-2025-24390.json +++ b/2025/24xxx/CVE-2025-24390.json 
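Review bot: In the CVE-2025-24389 record, `"integrityImpact": "HIGH"` in the `impact.cvss` entry is not backed by the description or by `CWE-532`, both of which describe only sensitive information ending up in logs and administrator mails. Unless the leaked data is a credential that grants write access (the record does not say), `I:N` would match the text and the base score of 6.3 would need recomputing. The `configuration` and `work_around` entries also read as opposites at first glance; wording the former as a precondition, e.g. `Only installations that send mail through the OTRS SMTP modules (not sendmail) are affected`, would remove the ambiguity, assuming that is the intended meaning. The `solution` text should also note that upgrading does not remove data already written to existing logs and mails, so those need separate review.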
@@ -1,17 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@otrs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + "cweId": "CWE-614" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OTRS AG", + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "7.0.x" + }, + { + "status": "affected", + "version": "8.0.x" + }, + { + "status": "affected", + "version": "2023.x" + }, + { + "status": "affected", + "version": "2024.x" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-04/", + "refsource": "MISC", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2025-04/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "OSA-2025-04", + "defect": [ + "Issue#3079", + 
"Ticket#2024110542002023" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches
" + } + ], + "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches" + } + ], + "credits": [ + { + "lang": "en", + "value": "Special thanks to Alissa Kim for reporting this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24860.json b/2025/24xxx/CVE-2025-24860.json new file mode 100644 index 00000000000..46ebd1154c4 --- /dev/null +++ b/2025/24xxx/CVE-2025-24860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
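Review bot: In the CVE-2025-24390 record, `problemtype` names only `CWE-614` (missing `Secure` attribute) while the description speaks of "missing attributes" in the plural across the application server and reverse proxy settings, so a reader cannot tell which cookie attributes have to be set. The `solution` entry only says to update to 2025.1.x; if the fix depends on reverse-proxy configuration as the description suggests, that step belongs in `solution` or in a `configuration` entry. In `source.defect`, `Ticket#2024110542002023` is identical to the ticket listed for CVE-2024-43445 although the issue numbers differ (`Issue#3079` here, `Issue#1708` there). That may be one report covering both findings, but it is worth confirming it is not a copy-paste.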