PT-2021-20875 · Zammad · Zammad

Axel Franz

Published

2021-06-28

Updated

2022-07-12

CVE-2021-35299

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Zammad versions 1.0.x through 4.0.0

Description: The issue allows attackers to obtain sensitive information via email connection configuration probing due to incorrect access control.

Recommendations: For versions 1.0.x through 4.0.0, update to a version that includes the fix for this issue to prevent attackers from obtaining sensitive information.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2021-35299

Affected Products

Zammad

PT-2021-20875 · Zammad · Zammad

CVE-2021-35299

Weakness Enumeration

Related Identifiers

Affected Products

References · 4