Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-27	CVE-2022-40817	Incorrect Permission Assignment for Critical Resource vulnerability in Zammad 5.2.0/5.2.1 Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. network low complexity zammad CWE-732	4.3
2022-08-08	CVE-2022-35489	Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. network low complexity zammad	6.5
2022-04-27	CVE-2022-27331	Exposure of Resource to Wrong Sphere vulnerability in Zammad An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. network low complexity zammad CWE-668	4.3
2022-02-04	CVE-2021-44886	Unspecified vulnerability in Zammad 5.0.2 In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. network low complexity zammad	5.3
2021-10-11	CVE-2021-42137	Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 5.0.1. network low complexity zammad CWE-863	5.3
2021-10-07	CVE-2021-42084	Infinite Loop vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-835	6.5
2021-10-07	CVE-2021-42085	Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-79	5.4
2021-10-07	CVE-2021-42087	Unspecified vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad	4.9
2021-10-07	CVE-2021-42088	Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-79	6.1
2021-10-07	CVE-2021-42092	Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-79	5.4