Vulnerabilities > Zammad > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-10 | CVE-2023-50453 | Unspecified vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 5.3 |
| 2023-12-10 | CVE-2023-50454 | Improper Certificate Validation vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 5.9 |
| 2023-12-10 | CVE-2023-50456 | Unspecified vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 5.3 |
| 2023-12-10 | CVE-2023-50457 | Incorrect Authorization vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 4.3 |
| 2023-05-18 | CVE-2023-31597 | Incorrect Authorization vulnerability in Zammad An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. | 6.5 |
| 2023-05-02 | CVE-2023-29867 | Unspecified vulnerability in Zammad 5.3.0/5.3.1 Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. | 6.5 |
| 2023-05-02 | CVE-2023-29868 | Unspecified vulnerability in Zammad 5.3.0/5.3.1 Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. | 6.5 |
| 2023-02-03 | CVE-2022-48022 | Unspecified vulnerability in Zammad 5.3.0 An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. | 4.3 |
| 2023-02-03 | CVE-2022-48023 | Unspecified vulnerability in Zammad 5.3.0 Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. | 4.3 |
| 2022-09-27 | CVE-2022-40816 | Incorrect Authorization vulnerability in Zammad 5.2.0/5.2.1 Zammad 5.2.1 is vulnerable to Incorrect Access Control. | 6.5 |