CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-27924

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.618

EPSS Ranking 98.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

Proposed Action

Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.

Ransomware Campaign

Known

References

https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Products affected by CVE-2022-27924

Zimbra » Collaboration » Version: 8.8.15

cpe:2.3:a:zimbra:collaboration:8.8.15
Zimbra » Collaboration » Version: 9.0.0

cpe:2.3:a:zimbra:collaboration:9.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27924

Products

Pricing

Contact Us