Description
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 5.1.0 (excluding)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS
Percentile: 62%
0.00434 (Low)
CVSS3: 9.1 Critical
CVSS2: 5.8 Medium
Weaknesses
CWE-306
Related vulnerabilities
CVSS3: 9.1
debian
almost 4 years ago
An access control issue in Zammad v5.0.3 allows attackers to write ent ...
CVSS3: 9.1
github
almost 4 years ago
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).