Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-41352
HistorySep 26, 2022 - 2:15 a.m.

CVE-2022-41352

2022-09-2602:15:10
CWE-22
[email protected]
web.nvd.nist.gov
1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.955 High

EPSS

Percentile

99.4%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

Affected configurations

NVD
Node
zimbracollaborationMatch8.8.15-
OR
zimbracollaborationMatch9.0.0-

Related

osv 1
prion 1
cnvd 1
thn 3
securelist 2
githubexploit 2
cisa_kev 1
cvelist 1
cve 1
hivepro 1
zdt 1
packetstorm 1
metasploit 1
nessus 2
attackerkb 3
rapid7blog 2
qualysblog 2
osv
osv
CVE-2022-41352
2022-09-26 02:15:10
prion
prion
Design/Logic Flaw
2022-09-26 02:15:00
cnvd
cnvd
Zimbra Collaboration Suite Remote Code Execution Vulnerability
2022-09-28 00:00:00
thn
thn
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
2023-04-04 13:16:00
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50:00
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
2022-10-08 07:50:00
securelist
securelist
Advanced threat predictions for 2023
2022-11-14 08:00:24
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
githubexploit
githubexploit
Exploit for Path Traversal in Zimbra Collaboration
2022-10-10 13:04:34
Exploit for Path Traversal in Zimbra Collaboration
2022-11-11 20:58:08
cisa_kev
cisa_kev
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20 00:00:00
cvelist
cvelist
CVE-2022-41352
2022-09-26 00:00:00
cve
cve
CVE-2022-41352
2022-09-26 02:15:10
hivepro
hivepro
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
2022-10-11 07:28:31
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
nessus
nessus
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-13 00:00:00
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
2022-10-13 00:00:00
attackerkb
attackerkb
CVE-2022-40684
2022-10-18 00:00:00
CVE-2022-41352
2022-09-26 00:00:00
CVE-2023-2868
2023-07-05 00:00:00
rapid7blog
rapid7blog
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
2022-10-06 17:13:34
Metasploit Weekly Wrap-Up
2022-10-21 17:31:54
qualysblog
qualysblog
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.
2022-10-11 20:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.955 High

EPSS

Percentile

99.4%

JSON
Related for NVD:CVE-2022-41352
osv1prion1cnvd1thn3securelist2githubexploit2cisa_kev1cvelist1cve1hivepro1zdt1packetstorm1metasploit1nessus2attackerkb3rapid7blog2qualysblog2