Vulnerabilities > Zammad > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-10 | CVE-2023-50455 | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 7.5 |
| 2022-08-08 | CVE-2022-35488 | Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. | 7.5 |
| 2021-10-07 | CVE-2021-42090 | Deserialization of Untrusted Data vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 7.5 |
| 2021-10-07 | CVE-2021-42094 | Command Injection vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 7.5 |
| 2020-12-28 | CVE-2020-26030 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 7.5 |
| 2017-03-13 | CVE-2017-6080 | Cross-Site Request Forgery (CSRF) vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. | 7.5 |
| 2017-03-13 | CVE-2017-5619 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 7.5 |