An issue exists in Zammad prior to 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.

Vulnerable Product |
---|
zammad zammad 6.1.0 |
zammad zammad 6.2.0 |
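
The two checks the description says were missing, certificate authority validation and hostname validation, are shown below in Ruby as an added example. This is not Zammad's code: the hostname, the CA names and the helpers `make_cert`, `peer_acceptable?` and `hardened_context` are constructed for illustration.

```ruby
require "openssl"

# Build a certificate for the constructed test PKI (self-signed CA when no issuer is given).
def make_cert(common_name, key, issuer: nil, issuer_key: nil, dns_name: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ext = dns_name ? ["subjectAltName", "DNS:#{dns_name}", false] : ["basicConstraints", "CA:TRUE", true]
  cert.add_extension(ef.create_extension(*ext))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Check 1: chain to a trusted CA. Check 2: certificate names the host we dialled.
def peer_acceptable?(cert, hostname, store)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Client context that enforces both checks during the handshake.
# The caller must also set SSLSocket#hostname= so the name check has a target.
def hardened_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER   # VERIFY_NONE accepts any certificate
  ctx.verify_hostname = true
  ctx
end

# Constructed sample data: one trusted CA, one CA the client does not trust.
HOST = "mail.example.test"
ca_key, rogue_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
TRUSTED_CA = make_cert("Constructed Trusted CA", ca_key)
ROGUE_CA = make_cert("Constructed Untrusted CA", rogue_key)
STORE = OpenSSL::X509::Store.new.add_cert(TRUSTED_CA)
GENUINE = make_cert(HOST, leaf_key, issuer: TRUSTED_CA, issuer_key: ca_key, dns_name: HOST)
UNTRUSTED = make_cert(HOST, leaf_key, issuer: ROGUE_CA, issuer_key: rogue_key, dns_name: HOST)
WRONG_NAME = make_cert("other.example.test", leaf_key, issuer: TRUSTED_CA, issuer_key: ca_key, dns_name: "other.example.test")
```

Only `GENUINE` passes `peer_acceptable?`; a client that skips either check would also accept `UNTRUSTED` or `WRONG_NAME`.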