CVE-2021-35302
First published: Mon Jun 28 2021(Updated: )
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zammad Zammad | >=1.0.0<=4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zammad vulnerability?
The vulnerability ID for this Zammad vulnerability is CVE-2021-35302.
What is the severity level of CVE-2021-35302?
The severity level of CVE-2021-35302 is medium with a CVSS score of 5.3.
How does CVE-2021-35302 affect Zammad?
CVE-2021-35302 allows remote attackers to obtain sensitive information by exploiting an incorrect access control for linked tickets in Zammad 1.0.x up to 4.0.0.
What software versions are affected by CVE-2021-35302?
Zammad versions 1.0.x up to 4.0.0 are affected by CVE-2021-35302.
How can the vulnerability in Zammad be fixed?
To fix the vulnerability in Zammad, upgrade to a version higher than 4.0.0.
- collector/nvd-index
- agent/tags
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/zammad
- canonical/zammad zammad
- version/zammad zammad/1.0.0
- version/zammad zammad/4.0.0