Arbitrary Code Execution in Zammad v5.3.0 by Arbitrary Message Manipulation
CVE-2022-48021

9.8CRITICAL

Key Information:

Vendor: Zammad
Status: Zammad
Vendor: CVE Published:; 3 February 2023

What is CVE-2022-48021?

A vulnerability exists in Zammad version 5.3.0, where attackers can exploit this flaw to execute arbitrary code or escalate privileges. This can be achieved by sending a specially crafted message to the server. Addressing this vulnerability is critical to maintain the security and integrity of the system, as it poses a significant risk if left unremedied. For more information, check the advisory on Zammad's official site.

References

https://zammad.com/de/advisories/zaa-2022-11

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Dec 29, 2022

CVE-2022-48021 Data

JSON