Vulnerabilities > CVE-2022-35488 - Unspecified vulnerability in Zammad 5.2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

zammad

NVD

Published: 2022-08-08

Updated: 2023-08-08

Summary

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

Vulnerable Configurations

Part	Description	Count
Application	Zammad Zammad Zammad 5.2.0	2

References

https://zammad.com/de/advisories/zaa-2022-05