Vulnerabilities > Zammad > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-05 | CVE-2025-32359 | Unspecified vulnerability in Zammad 6.4.0/6.4.1 In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. | 8.8 |
| 2025-04-05 | CVE-2025-32360 | Unspecified vulnerability in Zammad 6.4.0/6.4.1 In Zammad 6.4.x before 6.4.2, there is information exposure. | 8.1 |
| 2023-12-10 | CVE-2023-50455 | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 7.5 |
| 2022-08-08 | CVE-2022-35487 | Incorrect Authorization vulnerability in Zammad 5.2.0 Zammad 5.2.0 suffers from Incorrect Access Control. | 7.5 |
| 2022-08-08 | CVE-2022-35488 | Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. | 7.5 |
| 2022-04-27 | CVE-2022-29700 | Weak Password Requirements vulnerability in Zammad 5.1.0 A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | 7.5 |
| 2022-04-27 | CVE-2022-29701 | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 5.1.0 A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | 7.5 |
| 2022-02-04 | CVE-2021-43145 | Unspecified vulnerability in Zammad 5.0.1 With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | 8.1 |
| 2021-10-07 | CVE-2021-42086 | Unspecified vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 8.8 |
| 2021-10-07 | CVE-2021-42089 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 7.5 |