Vulnerabilities > Zammad

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-26029 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-863
6.5
6.5
2020-12-28 CVE-2020-26028 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-863
4.9
4.9
2020-06-16 CVE-2020-14214 Incorrect Authorization vulnerability in Zammad
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions.
network
low complexity
zammad CWE-863
6.5
6.5
2020-06-16 CVE-2020-14213 Missing Authorization vulnerability in Zammad
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
network
low complexity
zammad CWE-862
5.4
5.4
2020-03-05 CVE-2020-10105 Files or Directories Accessible to External Parties vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-552
5.3
5.3
2020-03-05 CVE-2020-10104 Information Exposure vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-200
4.3
4.3
2020-03-05 CVE-2020-10103 Cross-site Scripting vulnerability in Zammad
An XSS issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-79
5.4
5.4
2020-03-05 CVE-2020-10102 Information Exposure Through Discrepancy vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
high complexity
zammad CWE-203
5.3
5.3
2020-03-05 CVE-2020-10101 Improper Handling of Exceptional Conditions vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-755
7.5
7.5
2020-03-05 CVE-2020-10100 Unspecified vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad
6.5
6.5