1.3.1

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-18	CVE-2023-31597	Incorrect Authorization vulnerability in Zammad An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. network low complexity zammad CWE-863	6.5
2022-04-27	CVE-2022-27331	Exposure of Resource to Wrong Sphere vulnerability in Zammad An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. network low complexity zammad CWE-668	4.3
2022-04-27	CVE-2022-27332	Missing Authentication for Critical Function vulnerability in Zammad An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. network low complexity zammad CWE-306 critical	9.1
2021-10-11	CVE-2021-42137	Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 5.0.1. network low complexity zammad CWE-863	5.3
2021-10-07	CVE-2021-42084	Infinite Loop vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-835	6.5
2021-10-07	CVE-2021-42085	Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-79	5.4
2021-10-07	CVE-2021-42086	Unspecified vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad	8.8
2021-10-07	CVE-2021-42087	Unspecified vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad	4.9
2021-10-07	CVE-2021-42088	Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-79	6.1
2021-10-07	CVE-2021-42089	Information Exposure vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-200	7.5