Home > Vulnerability Database > CVE-2022-40816

Mend.io Vulnerability Database

CVE-2022-40816

Good to know:

Date: September 27, 2022

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.

Language: Ruby

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40816

Url: https://zammad.com/de/advisories/zaa-2022-09

Url: https://www.mend.io/vulnerability-database/CVE-2022-40816

Severity Score

6.5

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 5.2.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40816

Good to know:

Date: September 27, 2022

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?