Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-42084
An issue exists in Zammad prior to 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
Zammad Zammad
4
CVSSv2
CVE-2021-42087
An issue exists in Zammad prior to 4.1.1. An admin can discover the application secret via the API.
Zammad Zammad
3.5
CVSSv2
CVE-2021-42092
An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Zammad Zammad
5
CVSSv2
CVE-2021-42137
An issue exists in Zammad prior to 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
Zammad Zammad
4
CVSSv2
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Zammad Zammad
4
CVSSv2
CVE-2020-10104
An issue exists in Zammad 3.0 up to and including 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an malicious user to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
Zammad Zammad
5
CVSSv2
CVE-2020-10105
An issue exists in Zammad 3.0 up to and including 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an malicious user to formulate more precise attacks. Source code was disclosed for...
Zammad Zammad
5.8
CVSSv2
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows malicious users to write entries to the CTI caller log without authentication. This vulnerability can allow malicious users to execute phishing attacks or cause a Denial of Service (DoS).
Zammad Zammad
4.3
CVSSv2
CVE-2021-35300
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote malicious users to manipulate users into visiting the attackers' page.
Zammad Zammad
5
CVSSv2
CVE-2021-35302
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information.
Zammad Zammad
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »