Lucene search
China National Vulnerability DatabaseCNVD-2023-97696HistoryDec 13, 2023 - 12:00 a.m.
Zammad Trust Management Issues Vulnerabilities
2023-12-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
zammad
trust management
vulnerability
ssl/tls
hostname validation
certificate authority
man-in-the-middle attack
cnvd
Zammad is a suite of ticket management software from the German company Zammad. A trust management issue vulnerability exists in Zammad that stems from the fact that SSL/TLS is used in multiple subsystems to establish connections to external services without properly validating the hostname and certificate authority, which could be exploited by an attacker to cause a man-in-the-middle attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zammad zammad | eq | 6.1.0 |
Related
osv
osv
CVE-2023-50454
2023-12-10 19:15:07
cvelist
cvelist
CVE-2023-50454
2023-12-10 00:00:00
cve
cve
CVE-2023-50454
2023-12-10 19:15:07
prion
prion
Design/Logic Flaw
2023-12-10 19:15:00
nvd
nvd
CVE-2023-50454
2023-12-10 19:15:07