CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32294
https://notcve.org/view.php?id=CVE-2022-32294
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced. Zimbra Collaboration Open Source versión 8.8.15, no cifra la contraseña de inicio de sesión creada aleatoriamente (desde el comando "zmprove ca"). Es visible en texto sin cifrar en el puerto UDP 514 (también se conoce como el puerto syslog) • https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command https://github.com/soheilsamanabadi/vulnerabilitys/pull/1 https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 96%CPEs: 1EXPL: 0CVE-2022-27926 – Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-27926
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el componente /public/launchNewWindow.jsp de Zimbra Collaboration (también se conoce como ZCS) versión 9.0, permite a atacantes no autenticados ejecutar un script web o HTML arbitrario por medio de parámetros de petición Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories •
CVSS: 7.2EPSS: 94%CPEs: 2EXPL: 13CVE-2022-27925 – Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. Zimbra Collaboration (también se conoce como ZCS) versiones 8.8.15 y 9.0, presenta la funcionalidad mboximport que recibe un archivo ZIP y extrae archivos de él. Un usuario autenticado con derechos de administrador presenta la capacidad de cargar archivos arbitrarios en el sistema, conllevando a un salto de directorio Zimbra Collaboration (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution. • https://github.com/Josexv1/CVE-2022-27925 https://github.com/mohamedbenchikh/CVE-2022-27925 https://github.com/vnhacker1337/CVE-2022-27925-PoC https://github.com/Inplex-sys/CVE-2022-27925 https://github.com/lolminerxmrig/CVE-2022-27925-Revshell https://github.com/touchmycrazyredhat/CVE-2022-27925-Revshell https://github.com/Chocapikk/CVE-2022-27925-Revshell https://github.com/akincibor/CVE-2022-27925 https://github.com/miko550/CVE-2022-27925 https://github.com/navokus/CVE-2022-27 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2022-27924 – Zimbra Collaboration (ZCS) Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. Zimbra Collaboration (también se conoce como ZCS) versiones 8.8.15 y 9.0, permite a un atacante no autenticado inyectar comandos arbitrarios de memcache en una instancia objetivo. Estos comandos de memcache son convertidos en no-escapados, causando una sobreescritura de entradas arbitrarias en la caché Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 2%CPEs: 31EXPL: 1CVE-2022-24682 – Zimbra Webmail Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-24682
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualización 1), como es explotado "in the wild" a partir de diciembre 2021. Un atacante podría colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. • https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra • CWE-116: Improper Encoding or Escaping of Output •