Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-26030
An issue exists in Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
Zammad Zammad
4
CVSSv2
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
4.3
CVSSv2
CVE-2021-35300
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote malicious users to manipulate users into visiting the attackers' page.
Zammad Zammad
NA
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Zammad Zammad
NA
CVE-2023-29868
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Zammad Zammad
3.5
CVSSv2
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
6.5
CVSSv2
CVE-2021-42086
An issue exists in Zammad prior to 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
Zammad Zammad
7.5
CVSSv2
CVE-2021-42090
An issue exists in Zammad prior to 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
Zammad Zammad
6.4
CVSSv2
CVE-2021-42091
An issue exists in Zammad prior to 4.1.1. SSRF can occur via GitHub or GitLab integration.
Zammad Zammad
3.5
CVSSv2
CVE-2021-42092
An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Zammad Zammad
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »