CVE-2024-33667

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 6.3.0

Description An issue allows an authenticated agent to perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist.

Recommendations For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to endpoints that accept generic method names to minimize the risk of exploitation.