Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-41352
HistorySep 26, 2022 - 12:00 a.m.

CVE-2022-41352

2022-09-2600:00:00
mitre
www.cve.org
1
zimbra collaboration
arbitrary file upload
vulnerability
user accounts
amavis
cpio
pax
ubuntu
red hat

9.6 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

Related

thn 3
securelist 2
nvd 1
osv 1
prion 1
cnvd 1
githubexploit 2
cisa_kev 1
cve 1
hivepro 1
zdt 1
packetstorm 1
metasploit 1
nessus 2
rapid7blog 2
attackerkb 3
qualysblog 2
thn
thn
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
2023-04-04 13:16:00
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50:00
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
2022-10-08 07:50:00
securelist
securelist
Advanced threat predictions for 2023
2022-11-14 08:00:24
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
nvd
nvd
CVE-2022-41352
2022-09-26 02:15:10
osv
osv
CVE-2022-41352
2022-09-26 02:15:10
prion
prion
Design/Logic Flaw
2022-09-26 02:15:00
cnvd
cnvd
Zimbra Collaboration Suite Remote Code Execution Vulnerability
2022-09-28 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Zimbra Collaboration
2022-10-10 13:04:34
Exploit for Path Traversal in Zimbra Collaboration
2022-11-11 20:58:08
cisa_kev
cisa_kev
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20 00:00:00
cve
cve
CVE-2022-41352
2022-09-26 02:15:10
hivepro
hivepro
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
2022-10-11 07:28:31
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
nessus
nessus
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-13 00:00:00
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
2022-10-13 00:00:00
rapid7blog
rapid7blog
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
2022-10-06 17:13:34
Metasploit Weekly Wrap-Up
2022-10-21 17:31:54
attackerkb
attackerkb
CVE-2022-40684
2022-10-18 00:00:00
CVE-2023-2868
2023-07-05 00:00:00
CVE-2022-41352
2022-09-26 00:00:00
qualysblog
qualysblog
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.
2022-10-11 20:00:00

9.6 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON
Related for CVELIST:CVE-2022-41352
thn3securelist2nvd1osv1prion1cnvd1githubexploit2cisa_kev1cve1hivepro1zdt1packetstorm1metasploit1nessus2rapid7blog2attackerkb3qualysblog2