Vulnerabilities > Zammad

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-26032 Server-Side Request Forgery (SSRF) vulnerability in Zammad
An SSRF issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-918
5.0
2020-12-28 CVE-2020-26031 Incorrect Default Permissions vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-276
4.0
2020-12-28 CVE-2020-26030 Improper Authentication vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-287
7.5
2020-12-28 CVE-2020-26029 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-863
4.0
2020-12-28 CVE-2020-26028 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-863
4.0
2020-06-16 CVE-2020-14214 Missing Authorization vulnerability in Zammad
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions.
network
zammad CWE-862
5.8
2020-06-16 CVE-2020-14213 Missing Authorization vulnerability in Zammad
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
network
low complexity
zammad CWE-862
5.5
2020-03-05 CVE-2020-10105 Information Exposure vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-200
5.0
2020-03-05 CVE-2020-10104 Information Exposure vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-200
4.0
2020-03-05 CVE-2020-10103 Cross-site Scripting vulnerability in Zammad
An XSS issue was discovered in Zammad 3.0 through 3.2.
network
zammad CWE-79
3.5