Lucene search
K

Zimbra Collaboration Suite - Memcached Command Injection

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 21 Views

Zimbra Collaboration Suite versions 8.8.15 and 9.0 have a memcached command injection enabling unauthenticated cache poisoning and credential theft.

Related
Refs
Code
id: CVE-2022-27924

info:
  name: Zimbra Collaboration Suite - Memcached Command Injection
  author: rxerium
  severity: high
  description: |
    Zimbra Collaboration Suite versions 8.8.15 and 9.0 contain a memcached command injection vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, leading to cache poisoning and potential credential theft.
  impact: |
    Successful exploitation allows attackers to overwrite arbitrary cached entries and steal user credentials in cleartext without user interaction. With valid credentials, attackers can perform spear phishing, social engineering, and business email compromise attacks, or maintain persistent access via webshells.
  remediation: |
    Update to Zimbra Collaboration Suite version 8.8.15 Patch 31 or 9.0.0 Patch 24.1 or later. Implement multi-factor authentication to mitigate credential theft impact.
  reference:
    - https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
    - https://nvd.nist.gov/vuln/detail/CVE-2022-27924
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-27924
    epss-score: 0.85398
    epss-percentile: 0.99692
    cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: synacor
    product: zimbra_collaboration_suite
    shodan-query:
      - http.title:"zimbra collaboration suite"
  tags: cve,cve2022,zimbra,injection,passive,vuln,kev,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/js/zimbraMail/share/model/ZmSettings.js"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Zimbra Collaboration Suite Web Client"

      - type: word
        part: header
        words:
          - "application/x-javascript"

      - type: word
        words:
          - "8.8.15"
          - "9.0"
        part: version

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'CLIENT_VERSION\",\s+{type:ZmSetting.T_CONFIG, defaultValue:\"(.*?)"'
# digest: 4b0a00483046022100ba5c385de0133de8939dd57d7cad0e5e914bd2943c04644e7c1328da11508bc8022100edd262c74942ba671a550f59cac1339cf2c33bf8f34bbda55175e98e3d5d8f66:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 25
CVSS 3.17.5
EPSS0.85398
SSVC
21