Vulnerabilities > Zammad > Zammad > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2022-48021 | Unspecified vulnerability in Zammad 5.3.0: A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. | 9.8 |
2022-08-08 | CVE-2022-35490 | Improper Restriction of Excessive Authentication Attempts vulnerability in Zammad 5.2.0: Zammad 5.2.0 is vulnerable to privilege escalation. | 9.8 |
2022-04-27 | CVE-2022-27332 | Missing Authentication for Critical Function vulnerability in Zammad: An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. | 9.1 |
2021-10-07 | CVE-2021-42091 | Server-Side Request Forgery (SSRF) vulnerability in Zammad: An issue was discovered in Zammad before 4.1.1. | 9.1 |
2021-10-07 | CVE-2021-42090 | Deserialization of Untrusted Data vulnerability in Zammad: An issue was discovered in Zammad before 4.1.1. | 9.8 |
2021-10-07 | CVE-2021-42094 | Command Injection vulnerability in Zammad: An issue was discovered in Zammad before 4.1.1. | 9.8 |
2020-12-28 | CVE-2020-26030 | Improper Authentication vulnerability in Zammad: An issue was discovered in Zammad before 3.4.1. | 9.8 |
2017-03-13 | CVE-2017-5619 | Improper Authentication vulnerability in Zammad: An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 9.8 |
2017-03-13 | CVE-2017-6080 | Cross-Site Request Forgery (CSRF) vulnerability in Zammad: An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. | 9.8 |