CVE-2024-49193

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-290
View all →

Vulnerability Description

Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable.

Related Vulnerabilities

CVE-2017-11717

HIGH
CVSS:7.5(High)

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data strea...

CWE-2902017

CVE-2017-18190

HIGH
CVSS:7.5(High)

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon...

CWE-2902017

CVE-2017-6405

HIGH
CVSS:7.5(High)

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.

CWE-2902017

CVE-2018-15588

HIGH
CVSS:7.5(High)

MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

CWE-2902018

CVE-2019-11189

HIGH
CVSS:7.5(High)

Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via da...

CWE-2902019

CVE-2019-1234

HIGH
CVSS:7.5(High)

A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.

CWE-2902019