CVE-2022-27332

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zammad version 5.0.3

Description An access control issue allows attackers to write entries to the CTI caller log without authentication. This can enable attackers to execute phishing attacks or cause a Denial of Service (DoS).

Recommendations For Zammad version 5.0.3, consider restricting access to the CTI caller log until a patch is available to prevent unauthorized writing of entries. As a temporary workaround, monitor the CTI caller log closely for suspicious activity to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2022-27332

Affected Products

Zammad

CVE-2022-27332

Weakness Enumeration

Related Identifiers

Affected Products

References · 4