Known Vulnerabilities for products from Zammad
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zammad".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34837 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34782 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34724 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34723 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34722 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34721 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34720 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34719 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34718 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-34248 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2023-31597 json | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data o... | 6.5 - MEDIUM | 2023-05-18 | 2023-05-25 |
| CVE-2023-29868 json | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer ro... | 6.5 - MEDIUM | 2023-05-02 | 2023-05-10 |
| CVE-2023-29867 json | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about ... | 6.5 - MEDIUM | 2023-05-02 | 2023-05-10 |
| CVE-2022-48023 json | Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their... | 4.3 - MEDIUM | 2023-02-03 | 2023-02-09 |
| CVE-2022-48022 json | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view inf... | 4.3 - MEDIUM | 2023-02-03 | 2023-02-09 |
| CVE-2022-48021 json | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent... | 9.8 - CRITICAL | 2023-02-03 | 2023-02-09 |
| CVE-2022-40817 json | Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were s... | 4.3 - MEDIUM | 2022-09-27 | 2022-09-29 |
| CVE-2022-40816 json | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer u... | 6.5 - MEDIUM | 2022-09-27 | 2023-08-08 |
| CVE-2022-35490 json | Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login... | 9.8 - CRITICAL | 2022-08-08 | 2022-08-12 |
| CVE-2022-35489 json | In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather ... | 6.5 - MEDIUM | 2022-08-08 | 2023-08-08 |
Known software with vulnerabilities from Zammad
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zammad | Zammad | 1.0.0 |