First published: Thu Mar 05 2020(Updated: )
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=1.0.0<=3.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-10097.
The severity of CVE-2020-10097 is medium with a CVSS score of 5.3.
The affected software is Zammad version 3.0 through 3.2.
CVE-2020-10097 may respond with verbose error messages that disclose internal application or infrastructure information, which could aid attackers in exploiting other vulnerabilities.
Yes, a fix is available. Please refer to the security advisory from Zammad for more information on how to mitigate this vulnerability.