CVE-2022-35490
First published: Mon Aug 08 2022(Updated: )
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zammad Zammad | =5.2.0 | |
| Zammad Zammad | =5.2.0-alpha |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-35490?
CVE-2022-35490 is a vulnerability in Zammad 5.2.0 that allows for privilege escalation.
How severe is CVE-2022-35490?
CVE-2022-35490 has a severity rating of critical (9.8).
What software versions are affected by CVE-2022-35490?
Zammad versions 5.2.0 and 5.2.0-alpha are affected by CVE-2022-35490.
Is there a prevention against brute-force attacks in Zammad?
Zammad has a prevention against brute-force attacks that is designed to invalidate users and prevent logins after a configurable number of attempts.
How can an attacker work around the brute-force prevention in Zammad and exploit CVE-2022-35490?
An attacker could potentially bypass the prevention measures in Zammad, allowing them to send more requests and potentially escalate privileges.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- vendor/zammad
- canonical/zammad zammad
- version/zammad zammad/5.2.0
- version/zammad zammad/5.2.0-alpha