CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37041
https://notcve.org/view.php?id=CVE-2022-37041
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting). Se ha detectado un problema en el archivo ProxyServlet.java en el servlet /proxy de Zimbra Collaboration Suite (ZCS) versiones 8.8.15 y 9.0. El valor del encabezado X-Forwarded-Host sobrescribe el valor de la cabecera Host en las peticiones proxy. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 3CVE-2022-37393 – Zimbra zmslapd arbitrary module load
https://notcve.org/view.php?id=CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. La configuración sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con parámetros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuración definido por el usuario, que incluye plugins en forma de archivos .so, que también son ejecutadas como root. • https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit https://github.com/rapid7/metasploit-framework/pull/16807 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32294
https://notcve.org/view.php?id=CVE-2022-32294
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced. Zimbra Collaboration Open Source versión 8.8.15, no cifra la contraseña de inicio de sesión creada aleatoriamente (desde el comando "zmprove ca"). Es visible en texto sin cifrar en el puerto UDP 514 (también se conoce como el puerto syslog) • https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command https://github.com/soheilsamanabadi/vulnerabilitys/pull/1 https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 94%CPEs: 2EXPL: 13CVE-2022-27925 – Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. Zimbra Collaboration (también se conoce como ZCS) versiones 8.8.15 y 9.0, presenta la funcionalidad mboximport que recibe un archivo ZIP y extrae archivos de él. Un usuario autenticado con derechos de administrador presenta la capacidad de cargar archivos arbitrarios en el sistema, conllevando a un salto de directorio Zimbra Collaboration (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution. • https://github.com/Josexv1/CVE-2022-27925 https://github.com/mohamedbenchikh/CVE-2022-27925 https://github.com/vnhacker1337/CVE-2022-27925-PoC https://github.com/Inplex-sys/CVE-2022-27925 https://github.com/lolminerxmrig/CVE-2022-27925-Revshell https://github.com/touchmycrazyredhat/CVE-2022-27925-Revshell https://github.com/Chocapikk/CVE-2022-27925-Revshell https://github.com/akincibor/CVE-2022-27925 https://github.com/miko550/CVE-2022-27925 https://github.com/navokus/CVE-2022-27 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2022-27924 – Zimbra Collaboration (ZCS) Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. Zimbra Collaboration (también se conoce como ZCS) versiones 8.8.15 y 9.0, permite a un atacante no autenticado inyectar comandos arbitrarios de memcache en una instancia objetivo. Estos comandos de memcache son convertidos en no-escapados, causando una sobreescritura de entradas arbitrarias en la caché Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •