CVE-2022-35488

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.
References
Link Resource
https://zammad.com/de/advisories/zaa-2022-05 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zammad:zammad:5.2.0:-:*:*:*:*:*:*
cpe:2.3:a:zammad:zammad:5.2.0:alpha:*:*:*:*:*:*

Information

Published : 2022-08-08 02:15

Updated : 2022-08-12 02:47


NVD link : CVE-2022-35488

Mitre link : CVE-2022-35488

Products Affected
No products.
CWE