Filtered by vendor Zammad
Subscriptions
Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35301 | 1 Zammad | 1 Zammad | 2022-07-12 | 5.3 Medium |
| Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. | ||||
| CVE-2021-43145 | 1 Zammad | 1 Zammad | 2022-07-12 | 8.1 High |
| With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | ||||
| CVE-2021-42137 | 1 Zammad | 1 Zammad | 2022-07-12 | 5.3 Medium |
| An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. | ||||
| CVE-2021-42087 | 1 Zammad | 1 Zammad | 2022-07-12 | 4.9 Medium |
| An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | ||||
| CVE-2021-42086 | 1 Zammad | 1 Zammad | 2022-07-12 | 8.8 High |
| An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | ||||
| CVE-2021-35302 | 1 Zammad | 1 Zammad | 2022-07-12 | 5.3 Medium |
| Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. | ||||
| CVE-2021-35299 | 1 Zammad | 1 Zammad | 2022-07-12 | 7.5 High |
| Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. | ||||
| CVE-2022-29701 | 1 Zammad | 1 Zammad | 2022-05-05 | 7.5 High |
| A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | ||||
| CVE-2022-29700 | 1 Zammad | 1 Zammad | 2022-05-05 | 7.5 High |
| A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | ||||
| CVE-2022-27331 | 1 Zammad | 1 Zammad | 2022-05-05 | 4.3 Medium |
| An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. | ||||
| CVE-2021-42094 | 1 Zammad | 1 Zammad | 2021-10-14 | 9.8 Critical |
| An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages. | ||||
| CVE-2021-42093 | 1 Zammad | 1 Zammad | 2021-10-14 | 7.2 High |
| An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | ||||
| CVE-2021-42092 | 1 Zammad | 1 Zammad | 2021-10-14 | 5.4 Medium |
| An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. | ||||
| CVE-2021-42084 | 1 Zammad | 1 Zammad | 2021-10-14 | 6.5 Medium |
| An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. | ||||
| CVE-2021-42091 | 1 Zammad | 1 Zammad | 2021-10-14 | 9.1 Critical |
| An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. | ||||
| CVE-2021-42090 | 1 Zammad | 1 Zammad | 2021-10-14 | 9.8 Critical |
| An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | ||||
| CVE-2021-42089 | 1 Zammad | 1 Zammad | 2021-10-14 | 7.5 High |
| An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | ||||
| CVE-2021-42088 | 1 Zammad | 1 Zammad | 2021-10-13 | 6.1 Medium |
| An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. | ||||
| CVE-2021-42085 | 1 Zammad | 1 Zammad | 2021-10-13 | 5.4 Medium |
| An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. | ||||
| CVE-2020-14214 | 1 Zammad | 1 Zammad | 2021-07-21 | 6.5 Medium |
| Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization. | ||||