Zammad

Zammad

80 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-44886

  • EPSS 0.18%
  • Published 04.02.2022 15:15:12
  • Last modified 21.11.2024 06:31:39

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.

8.1

CVE-2021-43145

  • EPSS 0.38%
  • Published 04.02.2022 15:15:12
  • Last modified 21.11.2024 06:28:43

With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.

5.3

CVE-2021-42137

  • EPSS 0.2%
  • Published 11.10.2021 05:15:06
  • Last modified 21.11.2024 06:27:20

An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.

8.8

CVE-2021-42086

  • EPSS 0.51%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:13

An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.

4.9

CVE-2021-42087

  • EPSS 0.34%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:13

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

6.1

CVE-2021-42088

  • EPSS 0.53%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:13

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.

7.5

CVE-2021-42089

  • EPSS 0.32%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:14

An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.

9.8

CVE-2021-42090

  • EPSS 4.93%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:14

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.

9.1

CVE-2021-42091

  • EPSS 0.25%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:14

An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

5.4

CVE-2021-42085

  • EPSS 0.5%
  • Published 07.10.2021 21:15:07
  • Last modified 21.11.2024 06:27:13

An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.