Vulnerabilities > Zammad

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-42090 Deserialization of Untrusted Data vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad CWE-502
critical
 9.8
9.8
2021-10-07 CVE-2021-42091 Server-Side Request Forgery (SSRF) vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad CWE-918
critical
 9.1
9.1
2021-10-07 CVE-2021-42092 Cross-site Scripting vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad CWE-79
5.4
5.4
2021-10-07 CVE-2021-42093 Unspecified vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad
7.2
7.2
2021-10-07 CVE-2021-42094 Command Injection vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad CWE-77
critical
 9.8
9.8
2021-06-28 CVE-2021-35298 Cross-site Scripting vulnerability in Zammad
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
network
low complexity
zammad CWE-79
6.1
6.1
2021-06-28 CVE-2021-35299 Information Exposure Through Log Files vulnerability in Zammad
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
network
low complexity
zammad CWE-532
7.5
7.5
2021-06-28 CVE-2021-35300 Improper Restriction of Rendered UI Layers or Frames vulnerability in Zammad
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
network
low complexity
zammad CWE-1021
4.3
4.3
2021-06-28 CVE-2021-35301 Unspecified vulnerability in Zammad
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.
network
low complexity
zammad
5.3
5.3
2021-06-28 CVE-2021-35302 Unspecified vulnerability in Zammad
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
network
low complexity
zammad
5.3
5.3