CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.035

EPSS Ranking 87.1%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2022-37393

Zimbra » Collaboration » Version: 8.7.10

cpe:2.3:a:zimbra:collaboration:8.7.10
Zimbra » Collaboration » Version: 8.7.11

cpe:2.3:a:zimbra:collaboration:8.7.11
Zimbra » Collaboration » Version: 8.7.6

cpe:2.3:a:zimbra:collaboration:8.7.6
Zimbra » Collaboration » Version: 8.7.7

cpe:2.3:a:zimbra:collaboration:8.7.7
Zimbra » Collaboration » Version: 8.7.9

cpe:2.3:a:zimbra:collaboration:8.7.9
Zimbra » Collaboration » Version: 8.8.0

cpe:2.3:a:zimbra:collaboration:8.8.0
Zimbra » Collaboration » Version: 8.8.10

cpe:2.3:a:zimbra:collaboration:8.8.10
Zimbra » Collaboration » Version: 8.8.11

cpe:2.3:a:zimbra:collaboration:8.8.11
Zimbra » Collaboration » Version: 8.8.12

cpe:2.3:a:zimbra:collaboration:8.8.12
Zimbra » Collaboration » Version: 8.8.15

cpe:2.3:a:zimbra:collaboration:8.8.15
Zimbra » Collaboration » Version: 8.8.2

cpe:2.3:a:zimbra:collaboration:8.8.2
Zimbra » Collaboration » Version: 8.8.3

cpe:2.3:a:zimbra:collaboration:8.8.3
Zimbra » Collaboration » Version: 8.8.4

cpe:2.3:a:zimbra:collaboration:8.8.4
Zimbra » Collaboration » Version: 8.8.6

cpe:2.3:a:zimbra:collaboration:8.8.6
Zimbra » Collaboration » Version: 8.8.7

cpe:2.3:a:zimbra:collaboration:8.8.7
Zimbra » Collaboration » Version: 8.8.8

cpe:2.3:a:zimbra:collaboration:8.8.8
Zimbra » Collaboration » Version: 8.8.9

cpe:2.3:a:zimbra:collaboration:8.8.9
Zimbra » Collaboration » Version: 9.0.0

cpe:2.3:a:zimbra:collaboration:9.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-37393

Products

Pricing

Contact Us