Is CVE-2022-27332 actively exploited?

CVE-2022-27332 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2022-27332?

CVE-2022-27332 has a CVSS score of 9.1 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

How do I patch CVE-2022-27332?

Patch guidance is available from zammad security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-27332.

Fix CVE-2022-27332 - CRITICAL zammad zammad

Description

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high
Weaknesses: CWE-306 · Missing Authentication

Metadata

Primary Vendor: ZAMMAD
Published: 4/27/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zammad : zammad

Remediation Guidance

Executive Summary

Cite this page

CVE-2022-27332. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2022-27332

View on NIST NVD

CVE-2022-27332 vulnerability