Lucene search
+L

CVE-2022-37393

🗓️ 16 Aug 2022 20:00:19Reported by rapid7Type 
cve
 cve
🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 265 Views🌐 WEB

Zimbra's sudo configuration allows zimbra user to execute zmslapd as root with arbitrary parameters

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today
Zimbra zmslapd Privilege Escalation Exploit
10 Aug 202200:00
zdt
ATTACKERKB
CVE-2022-27925
21 Apr 202200:00
attackerkb
ATTACKERKB
CVE-2022-37393
16 Aug 202220:15
attackerkb
ATTACKERKB
CVE-2022-41352
26 Sep 202200:00
attackerkb
ATTACKERKB
CVE-2024-45519
2 Oct 202400:00
attackerkb
BDU FSTEC
The vulnerability of the zmslapd function in the Zimbra Collaboration Suite’s email management system allows a hacker to execute arbitrary code.
24 Aug 202200:00
bdu_fstec
Circl
CVE-2022-37393
9 Aug 202216:39
circl
CNNVD
Zimbra 安全漏洞
10 Aug 202200:00
cnnvd
Cvelist
CVE-2022-37393 Zimbra zmslapd arbitrary module load
16 Aug 202220:00
cvelist
EUVD
EUVD-2022-40027
3 Oct 202520:07
euvd
Rows per page
NVD
Node
OR
zimbracollaborationMatch8.7.11p1
zimbracollaborationMatch8.7.11p10
zimbracollaborationMatch8.7.11p11
zimbracollaborationMatch8.7.11p12
zimbracollaborationMatch8.7.11p13
zimbracollaborationMatch8.7.11p14
zimbracollaborationMatch8.7.11p15
zimbracollaborationMatch8.7.11p2
zimbracollaborationMatch8.7.11p3
zimbracollaborationMatch8.7.11p4
zimbracollaborationMatch8.7.11p5
zimbracollaborationMatch8.7.11p6
zimbracollaborationMatch8.7.11p7
zimbracollaborationMatch8.7.11p8
zimbracollaborationMatch8.7.11p9
zimbracollaborationMatch8.8.0beta1
zimbracollaborationMatch8.8.9p10
zimbracollaborationMatch8.8.10p8
zimbracollaborationMatch8.8.11p3
zimbracollaborationMatch8.8.11p4
zimbracollaborationMatch8.8.11p5
zimbracollaborationMatch8.8.12p3
zimbracollaborationMatch8.8.12p4
zimbracollaborationMatch8.8.15p11
zimbracollaborationMatch8.8.15p26
zimbracollaborationMatch8.8.15p3
zimbracollaborationMatch8.8.15p30
zimbracollaborationMatch8.8.15p31
zimbracollaborationMatch8.8.15p32
zimbracollaborationMatch8.8.15p33
zimbracollaborationMatch8.8.15p34
zimbracollaborationMatch8.8.15p5
zimbracollaborationMatch9.0.0p19
zimbracollaborationMatch9.0.0p23
zimbracollaborationMatch9.0.0p25
zimbracollaborationMatch9.0.0p26
zimbracollaborationMatch9.0.0p27
zimbracollaborationMatch9.0.0p7.1
[
  {
    "product": "Zimbra Server",
    "vendor": "Synacor",
    "versions": [
      {
        "lessThanOrEqual": "9.0.0.p27",
        "status": "affected",
        "version": "9.0.0.p27",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "8.8.15.p34",
        "status": "affected",
        "version": "8.8.15.p34",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
-fpath/opt/zimbra/libexec/zmslapdLocal privilege escalation by abusing zmslapd loading a user-supplied configuration (.conf) that loads a .so plugin executed as root.CWE-284
config_pathpath/opt/zimbra/libexec/zmslapdLocal privilege escalation by abusing zmslapd loading a user-supplied configuration (.conf) that loads a .so plugin executed as root.CWE-284
modulepathpath/opt/zimbra/libexec/zmslapdLocal privilege escalation by abusing zmslapd loading a user-supplied configuration (.conf) that loads a .so plugin executed as root.CWE-284
moduleloadpath/opt/zimbra/libexec/zmslapdLocal privilege escalation by abusing zmslapd loading a user-supplied configuration (.conf) that loads a .so plugin executed as root.CWE-284

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:55Current
8.7High risk
Vulners AI Score8.7
CVSS 3.17.8
EPSS0.01683
265