Lucene search
K

8 matches found

NVD
NVD
added 2023/02/03 1:15 a.m.21 views

CVE-2022-48022

An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...

4.3CVSS4.4AI score0.00496EPSS
Exploits0References1
NVD
NVD
added 2023/02/03 1:15 a.m.21 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

4.3CVSS4.6AI score0.00449EPSS
Exploits0References1
NVD
NVD
added 2023/02/03 1:15 a.m.20 views

CVE-2022-48021

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...

9.8CVSS9.7AI score0.00879EPSS
Exploits0References1
OSV
OSV
added 2023/02/03 1:15 a.m.20 views

CVE-2022-48021

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...

9.8CVSS9.7AI score
Exploits0References1
Prion
Prion
added 2023/02/03 1:15 a.m.13 views

Design/Logic Flaw

An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...

4CVSS4.4AI score0.00496EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/02/03 1:15 a.m.26 views

Design/Logic Flaw

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...

7.5CVSS9.6AI score0.00879EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/02/03 12:0 a.m.21 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

4.8AI score0.00449EPSS
Exploits0References1
CVE
CVE
added 2023/02/03 12:0 a.m.46 views

CVE-2022-48023

Zammad CVE-2022-48023: A privilege-verification flaw in Zammad v5.3.0 permits an authenticated user to modify ticket tags via the API. The issue is corrected in v5.3.1, restricting tag changes to agents with write permissions. The available documents do not provide exploitation details. If using ...

4.3CVSS4.6AI score0.00449EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder