CVSS 3.1 Score 5.9 of 10 (medium)


Published Dec 10, 2023
Updated: Dec 13, 2023
CWE ID 295


CVE-2023-50454 is a vulnerability in Zammad before version 6.2.0. Several subsystems establish SSL/TLS connections to external services without properly validating the hostname and certificate authority, which makes those connections exploitable by man-in-the-middle attackers. This vulnerability affects the products t9y8e4, t9y8e5, and t9y8e3. To remediate it, update to Zammad version 6.2.0 or later. The main risk is a high confidentiality impact: attackers could intercept and manipulate sensitive data transmitted over these insecure connections.
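The two checks the description names, certificate authority and hostname, are independent, and a client that skips either one accepts a certificate it should reject. The Ruby sketch below (Ruby being the language Zammad is written in) is an added example, not Zammad's code; the CA names, host names and certificates are constructed test data.

```ruby
require "openssl"

# Build a certificate for the constructed test PKI (self-signed when no issuer is given).
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{san}")) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Check 1: does the certificate chain to a CA the client trusts?
def chain_trusted?(cert, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca| store.add_cert(ca) }
  store.verify(cert)
end

# Check 2: was the certificate issued for the host the client meant to reach?
def hostname_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Constructed scenario: one CA the client trusts and one it does not.
def demo
  host = "mail.example.test"
  ca_key, other_ca_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = make_cert("Trusted Test CA", ca_key, ca: true)
  other_ca = make_cert("Untrusted Test CA", other_ca_key, ca: true)
  certs = {
    valid: make_cert(host, leaf_key, issuer: ca, issuer_key: ca_key, san: host),
    wrong_host: make_cert("other.example.test", leaf_key, issuer: ca, issuer_key: ca_key, san: "other.example.test"),
    unknown_issuer: make_cert(host, leaf_key, issuer: other_ca, issuer_key: other_ca_key, san: host)
  }
  certs.transform_values { |c| { chain: chain_trusted?(c, [ca]), host: hostname_matches?(c, host) } }
end

pp demo if $PROGRAM_NAME == __FILE__
```

Only the `valid` certificate passes both checks; `wrong_host` passes the CA check alone and `unknown_issuer` passes the hostname check alone, which is why a client needs both before sending data.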

