Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-10097
An issue exists in Zammad 3.0 up to and including 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
Zammad Zammad
5.4
CVSSv3
CVE-2020-10098
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.
Zammad Zammad
5.4
CVSSv3
CVE-2020-10099
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the To...
Zammad Zammad
6.5
CVSSv3
CVE-2020-10100
An issue exists in Zammad 3.0 up to and including 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are abl...
Zammad Zammad
7.5
CVSSv3
CVE-2020-10101
An issue exists in Zammad 3.0 up to and including 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
Zammad Zammad
4.3
CVSSv3
CVE-2020-10104
An issue exists in Zammad 3.0 up to and including 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an malicious user to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
Zammad Zammad
4.3
CVSSv3
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
9.1
CVSSv3
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows malicious users to write entries to the CTI caller log without authentication. This vulnerability can allow malicious users to execute phishing attacks or cause a Denial of Service (DoS).
Zammad Zammad
6.5
CVSSv3
CVE-2022-40816
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged...
Zammad Zammad
4.3
CVSSv3
CVE-2022-40817
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2...
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »