PT-2023-15554 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.3.0 Description: Insufficient privilege verification allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. The issue has been corrected so that only agents with write...

CVE-2022-26676 aEnrich a+HRD - Broken Access Control

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...