Vulnerabilities > Zammad > Zammad > 2.8.1

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2023-31597 Incorrect Authorization vulnerability in Zammad
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user.
network
low complexity
zammad CWE-863
6.5
2022-04-27 CVE-2022-27331 Exposure of Resource to Wrong Sphere vulnerability in Zammad
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
network
low complexity
zammad CWE-668
4.0
2022-04-27 CVE-2022-27332 Missing Authentication for Critical Function vulnerability in Zammad
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication.
network
low complexity
zammad CWE-306
critical
9.1
2021-10-11 CVE-2021-42137 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 5.0.1.
network
low complexity
zammad CWE-863
5.0
2021-10-07 CVE-2021-42084 Infinite Loop vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad CWE-835
4.0
2021-10-07 CVE-2021-42085 Cross-site Scripting vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
zammad CWE-79
3.5
2021-10-07 CVE-2021-42086 Unspecified vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad
6.5
2021-10-07 CVE-2021-42087 Unspecified vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad
4.0
2021-10-07 CVE-2021-42088 Cross-site Scripting vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
zammad CWE-79
4.3
2021-10-07 CVE-2021-42089 Information Exposure vulnerability in Zammad
An issue was discovered in Zammad before 4.1.1.
network
low complexity
zammad CWE-200
5.0