Vulnerabilities > Zammad
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-27 | CVE-2022-29701 | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 5.1.0 A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | 7.5 |
| 2022-02-04 | CVE-2021-43145 | Unspecified vulnerability in Zammad 5.0.1 With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | 8.1 |
| 2022-02-04 | CVE-2021-44886 | Unspecified vulnerability in Zammad 5.0.2 In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. | 5.3 |
| 2021-10-11 | CVE-2021-42137 | Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 5.0.1. | 5.3 |
| 2021-10-07 | CVE-2021-42084 | Infinite Loop vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 6.5 |
| 2021-10-07 | CVE-2021-42085 | Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 5.4 |
| 2021-10-07 | CVE-2021-42086 | Unspecified vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 8.8 |
| 2021-10-07 | CVE-2021-42087 | Unspecified vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 4.9 |
| 2021-10-07 | CVE-2021-42088 | Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 6.1 |
| 2021-10-07 | CVE-2021-42089 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 7.5 |