CVE-2022-35487
HIGHZammad 5.2.0 - Unauthenticated Incorrect Access Control in Attachment Endpoints
Title source: llmDescription
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://zammad.com/de/advisories/zaa-2022-08
Scores
CVSS v3
7.5
EPSS
0.0065
EPSS Percentile
46.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
zammad/zammad
5.2.0 (2 CPE variants)
Published
Aug 08, 2022
Tracked Since
Feb 18, 2026