Critical severity9.8NVD Advisory· Published Mar 13, 2017· Updated Jun 17, 2026
CVE-2017-6080
CVE-2017-6080
Description
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*range: <=1.0.3
- cpe:2.3:a:zammad:zammad:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.2.0:*:*:*:*:*:*:*
- (no CPE)range: <1.0.4, <1.1.3, <1.2.1
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/96937nvdThird Party AdvisoryVDB Entry
- zammad.com/de/news/security-advisory-zaa-2017-01nvdVendor Advisory
News mentions
0No linked articles in our index yet.