Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2020-26028
An issue exists in Zammad prior to 3.4.1. Admin Users without a ticket.* permission can access Tickets.
Zammad Zammad
5.4
CVSSv3
CVE-2020-26033
An issue exists in Zammad prior to 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
Zammad Zammad
6.1
CVSSv3
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and previous versions contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java s...
Zammad Zammad
5.4
CVSSv3
CVE-2020-14213
In Zammad prior to 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Zammad Zammad
6.5
CVSSv3
CVE-2022-40816
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged...
Zammad Zammad
4.3
CVSSv3
CVE-2022-40817
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2...
Zammad Zammad
6.5
CVSSv3
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Zammad Zammad
6.5
CVSSv3
CVE-2023-29868
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Zammad Zammad
4.3
CVSSv3
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Zammad Zammad
9.1
CVSSv3
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows malicious users to write entries to the CTI caller log without authentication. This vulnerability can allow malicious users to execute phishing attacks or cause a Denial of Service (DoS).
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »