6.8
CVE-2025-24390
- EPSS 0.2%
- Veröffentlicht 27.01.2025 06:15:24
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@otrs.com
- CVE-Watchlists
- Unerledigt
Missing Cookie Flags
A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerOTRS AG
≫
Produkt
OTRS
Default Statusaffected
Version
7.0.x
Status
affected
Version
8.0.x
Status
affected
Version
2023.x
Status
affected
Version
2024.x
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.094 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@otrs.com | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
https://otrs.com/release-notes/otrs-security-advisory-2025-04/