CVE-2022-32294

EPSS 1.96%
Veröffentlicht 11.07.2022 03:15:07
Zuletzt bearbeitet 21.11.2024 07:06:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zimbra ≫ Collaboration Version8.8.15 SwEditionopen_source

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.96%	0.777

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Vendor Advisory

Not Applicable

https://wiki.zimbra.com/wiki/Security_Center

Vendor Advisory

Not Applicable

https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command

Third Party Advisory

https://github.com/soheilsamanabadi/vulnerabilitys/pull/1

Third Party Advisory

https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e

https://nvd.nist.gov/vuln/detail/CVE-2022-32294