
CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute-force them to upload malicious content to article drafts they have no access to. • https://zammad.com/en/advisories/zaa-2024-02 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of the hostname and certificate authority. This is exploitable by man-in-the-middle attackers. • https://zammad.com/en/advisories/zaa-2023-04 • CWE-295: Improper Certificate Validation •

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. Due to a lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause a Denial of Service (generation of many emails, which would also spam the victim). • https://zammad.com/en/advisories/zaa-2023-06 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public. • https://zammad.com/en/advisories/zaa-2023-08 •

CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. • https://zammad.com/en/advisories/zaa-2023-07 •

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions. • https://zammad.com/en/advisories/zaa-2023-05 • CWE-863: Incorrect Authorization •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 May 2023 — An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets. • https://zammad.com/de/advisories/zaa-2023-03 • CWE-863: Incorrect Authorization •

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 May 2023 — Zammad 5.3.x (fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. • https://zammad.com/en/advisories/zaa-2023-02 •

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 May 2023 — Zammad 5.3.x (fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with both agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. • https://zammad.com/en/advisories/zaa-2023-01 •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Feb 2023 — A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. • https://zammad.com/de/advisories/zaa-2022-11 •