zammad zammad vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-42084
An issue exists in Zammad prior to 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
Zammad Zammad
8.8
CVSSv3
CVE-2021-42086
An issue exists in Zammad prior to 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
Zammad Zammad
9.8
CVSSv3
CVE-2021-42094
An issue exists in Zammad prior to 4.1.1. Command Injection can occur via custom Packages.
Zammad Zammad
7.5
CVSSv3
CVE-2020-26032
An SSRF issue exists in Zammad prior to 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. ...
Zammad Zammad
6.5
CVSSv3
CVE-2020-26029
An issue exists in Zammad prior to 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
Zammad Zammad
9.8
CVSSv3
CVE-2020-26030
An issue exists in Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
Zammad Zammad
4.3
CVSSv3
CVE-2020-26031
An issue exists in Zammad prior to 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
Zammad Zammad
4.3
CVSSv3
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
5.4
CVSSv3
CVE-2020-26035
An issue exists in Zammad prior to 3.4.1. There is Stored XSS via a Tags element in a Ticket.
Zammad Zammad
5.3
CVSSv3
CVE-2020-10097
An issue exists in Zammad 3.0 up to and including 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
Zammad Zammad