CVE-2022-27332
CRITICAL
Zammad < 5.1.0 - Unauthenticated CTI Caller Log Entry Injection
Title source: llm
Description
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://zammad.com/en/advisories/zaa-2022-01
Scores
CVSS v3
9.1
EPSS
0.0102
EPSS Percentile
58.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
zammad/zammad
< 5.1.0
Published
Apr 27, 2022
Tracked Since
Feb 18, 2026