CVE-2022-35490
CRITICAL9.8
Description
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 8/8/2022
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
zammad:zammad
Weaknesses (CWE)
CWE-307
References
https://zammad.com/de/advisories/zaa-2022-07 (cve@mitre.org)
https://zammad.com/de/advisories/zaa-2022-07 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.