Vulnerabilities > Zammad > Zammad > 5.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-18 | CVE-2023-31597 | Incorrect Authorization vulnerability in Zammad An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. | 6.5 |
2022-04-27 | CVE-2022-29700 | Weak Password Requirements vulnerability in Zammad 5.1.0 A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | 5.0 |
2022-04-27 | CVE-2022-29701 | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 5.1.0 A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | 5.0 |