Vulnerability Details CVE-2022-35490
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.5%
CVSS Severity
CVSS v3 Score 9.8
References