CVE-2022-27924

🗓️ 20 Apr 2022 23:23:17Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 942 Views🌐 WEB

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows unauthenticated attacker to inject arbitrary memcache commands, leading to overwrite of cached entries

Reporter	Title	Published	Views	Family All 34
GithubExploit	Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite	20 Aug 202215:58	–	githubexploit
GithubExploit	Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite	19 Aug 202417:17	–	githubexploit
ICS	Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite	27 Jan 202312:00	–	ics
ICS	2022 Top Routinely Exploited Vulnerabilities	3 Aug 202312:00	–	ics
ICS	NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations	5 Oct 202312:00	–	ics
ATTACKERKB	CVE-2022-27925	21 Apr 202200:00	–	attackerkb
ATTACKERKB	CVE-2022-37393	16 Aug 202220:15	–	attackerkb
ATTACKERKB	CVE-2024-45519	2 Oct 202400:00	–	attackerkb
ATTACKERKB	CVE-2022-27924	21 Apr 202200:00	–	attackerkb
BDU FSTEC	The vulnerability of the corporate email management system Zimbra Collaboration Suite arises from the lack of measures to neutralize specific elements within it. This allows attackers to re-record any cached data.	13 Jul 202200:00	–	bdu_fstec

NVD

Node

synacor zimbra_collaboration_suiteMatch8.8.15-

synacor zimbra_collaboration_suiteMatch8.8.15p1

synacor zimbra_collaboration_suiteMatch8.8.15p10

synacor zimbra_collaboration_suiteMatch8.8.15p11

synacor zimbra_collaboration_suiteMatch8.8.15p12

synacor zimbra_collaboration_suiteMatch8.8.15p13

synacor zimbra_collaboration_suiteMatch8.8.15p14

synacor zimbra_collaboration_suiteMatch8.8.15p15

synacor zimbra_collaboration_suiteMatch8.8.15p16

synacor zimbra_collaboration_suiteMatch8.8.15p17

synacor zimbra_collaboration_suiteMatch8.8.15p18

synacor zimbra_collaboration_suiteMatch8.8.15p19

synacor zimbra_collaboration_suiteMatch8.8.15p2

synacor zimbra_collaboration_suiteMatch8.8.15p20

synacor zimbra_collaboration_suiteMatch8.8.15p21

synacor zimbra_collaboration_suiteMatch8.8.15p22

synacor zimbra_collaboration_suiteMatch8.8.15p23

synacor zimbra_collaboration_suiteMatch8.8.15p24

synacor zimbra_collaboration_suiteMatch8.8.15p25

synacor zimbra_collaboration_suiteMatch8.8.15p26

synacor zimbra_collaboration_suiteMatch8.8.15p27

synacor zimbra_collaboration_suiteMatch8.8.15p28

synacor zimbra_collaboration_suiteMatch8.8.15p29

synacor zimbra_collaboration_suiteMatch8.8.15p3

synacor zimbra_collaboration_suiteMatch8.8.15p30

synacor zimbra_collaboration_suiteMatch8.8.15p31

synacor zimbra_collaboration_suiteMatch8.8.15p4

synacor zimbra_collaboration_suiteMatch8.8.15p5

synacor zimbra_collaboration_suiteMatch8.8.15p6

synacor zimbra_collaboration_suiteMatch8.8.15p7

synacor zimbra_collaboration_suiteMatch8.8.15p8

synacor zimbra_collaboration_suiteMatch8.8.15p9

synacor zimbra_collaboration_suiteMatch9.0.0-

synacor zimbra_collaboration_suiteMatch9.0.0p1

synacor zimbra_collaboration_suiteMatch9.0.0p10

synacor zimbra_collaboration_suiteMatch9.0.0p11

synacor zimbra_collaboration_suiteMatch9.0.0p12

synacor zimbra_collaboration_suiteMatch9.0.0p13

synacor zimbra_collaboration_suiteMatch9.0.0p14

synacor zimbra_collaboration_suiteMatch9.0.0p15

synacor zimbra_collaboration_suiteMatch9.0.0p16

synacor zimbra_collaboration_suiteMatch9.0.0p17

synacor zimbra_collaboration_suiteMatch9.0.0p18

synacor zimbra_collaboration_suiteMatch9.0.0p19

synacor zimbra_collaboration_suiteMatch9.0.0p2

synacor zimbra_collaboration_suiteMatch9.0.0p20

synacor zimbra_collaboration_suiteMatch9.0.0p21

synacor zimbra_collaboration_suiteMatch9.0.0p22

synacor zimbra_collaboration_suiteMatch9.0.0p23

synacor zimbra_collaboration_suiteMatch9.0.0p3

synacor zimbra_collaboration_suiteMatch9.0.0p4

synacor zimbra_collaboration_suiteMatch9.0.0p5

synacor zimbra_collaboration_suiteMatch9.0.0p6

synacor zimbra_collaboration_suiteMatch9.0.0p7

synacor zimbra_collaboration_suiteMatch9.0.0p8

synacor zimbra_collaboration_suiteMatch9.0.0p9

Source	Link
wiki	www.wiki.zimbra.com/wiki/Zimbra_Security_Advisories
wiki	www.wiki.zimbra.com/wiki/Security_Center
wiki	www.wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
../../../../mailboxd/webapps/zimbraAdmin/	path	zimbraAdmin/BQOQBN.jsp	Authenticated path traversal leading to webshell placement on zimbraAdmin via compromised path.	CWE-22
../../../../mailboxd/webapps/zimbraAdmin/	path	zimbraAdmin/7RRT4G.jsp	Webshell location generated by exploit, demonstrating remote access after traversal.	CWE-22
../../../../jetty_base/webapps/zimbraAdmin/	path	zimbraAdmin/7RRT4G.jsp	Webshell location generated by exploit, demonstrating remote access after traversal.	CWE-22
../../../../jetty/webapps/zimbraAdmin/	path	zimbraAdmin/7RRT4G.jsp	Webshell location generated by exploit, demonstrating remote access after traversal.	CWE-22

17 Jun 2026 04:37Current

7.8High risk

Vulners AI Score7.8

CVSS 25

CVSS 3.17.5

EPSS0.84593

SSVC