Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-10096
An issue exists in Zammad 3.0 up to and including 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sens...
Zammad Zammad
5
CVSSv2
CVE-2020-10097
An issue exists in Zammad 3.0 up to and including 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
Zammad Zammad
3.5
CVSSv2
CVE-2020-10098
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.
Zammad Zammad
5
CVSSv2
CVE-2020-10101
An issue exists in Zammad 3.0 up to and including 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
Zammad Zammad
4
CVSSv2
CVE-2020-26028
An issue exists in Zammad prior to 3.4.1. Admin Users without a ticket.* permission can access Tickets.
Zammad Zammad
4
CVSSv2
CVE-2020-26031
An issue exists in Zammad prior to 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
Zammad Zammad
5.8
CVSSv2
CVE-2020-26033
An issue exists in Zammad prior to 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
Zammad Zammad
4
CVSSv2
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
3.5
CVSSv2
CVE-2020-26035
An issue exists in Zammad prior to 3.4.1. There is Stored XSS via a Tags element in a TIcket.
Zammad Zammad
NA
CVE-2022-40816
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged...
Zammad Zammad
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »