Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-67488
HistorySep 28, 2022 - 12:00 a.m.

Zimbra Collaboration Suite Remote Code Execution Vulnerability

2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Zimbra Collaboration Suite (ZCS) is an open source collaborative office suite. The product includes WebMail, Calendar, Address Book, etc. A security vulnerability exists in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, which stems from a lack of valid authentication of uploaded files by the application. An unauthenticated remote attacker could exploit the vulnerability to write arbitrary files to any path on the user-accessible file system, which could enable the planting of a shell in the Web root directory, ultimately leading to arbitrary code execution on the target system.

Related

securelist 2
thn 3
prion 1
osv 1
githubexploit 2
cisa_kev 1
hivepro 1
cve 1
packetstorm 1
metasploit 1
zdt 1
nessus 2
attackerkb 3
rapid7blog 2
qualysblog 2
securelist
securelist
Advanced threat predictions for 2023
2022-11-14 08:00:24
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
thn
thn
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
2023-04-04 13:16:00
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50:00
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
2022-10-08 07:50:00
prion
prion
Design/Logic Flaw
2022-09-26 02:15:00
osv
osv
CVE-2022-41352
2022-09-26 02:15:10
githubexploit
githubexploit
Exploit for Path Traversal in Zimbra Collaboration
2022-10-10 13:04:34
Exploit for Path Traversal in Zimbra Collaboration
2022-11-11 20:58:08
cisa_kev
cisa_kev
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20 00:00:00
hivepro
hivepro
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
2022-10-11 07:28:31
cve
cve
CVE-2022-41352
2022-09-26 02:15:00
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
nessus
nessus
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-13 00:00:00
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
2022-10-13 00:00:00
attackerkb
attackerkb
CVE-2022-40684
2022-10-18 00:00:00
CVE-2023-2868
2023-07-05 00:00:00
CVE-2022-41352
2022-09-26 00:00:00
rapid7blog
rapid7blog
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
2022-10-06 17:13:34
Metasploit Weekly Wrap-Up
2022-10-21 17:31:54
qualysblog
qualysblog
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.
2022-10-11 20:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON
Related for CNVD-2022-67488
securelist2thn3prion1osv1githubexploit2cisa_kev1hivepro1cve1packetstorm1metasploit1zdt1nessus2attackerkb3rapid7blog2qualysblog2