7.8
CVE-2022-37393
- EPSS 1.68%
- Published 16.08.2022 20:15:07
- Last modified 21.11.2024 07:14:54
- Source cve@rapid7.com
Zimbra zmslapd arbitrary module load
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Data provided by the National Vulnerability Database (NVD)
Zimbra ≫ Collaboration Version 8.7.6
Zimbra ≫ Collaboration Version 8.7.7
Zimbra ≫ Collaboration Version 8.7.9
Zimbra ≫ Collaboration Version 8.7.10
Zimbra ≫ Collaboration Version 8.7.11 Update -
Zimbra ≫ Collaboration Version 8.7.11 Update p1
Zimbra ≫ Collaboration Version 8.7.11 Update p10
Zimbra ≫ Collaboration Version 8.7.11 Update p11
Zimbra ≫ Collaboration Version 8.7.11 Update p12
Zimbra ≫ Collaboration Version 8.7.11 Update p13
Zimbra ≫ Collaboration Version 8.7.11 Update p14
Zimbra ≫ Collaboration Version 8.7.11 Update p15
Zimbra ≫ Collaboration Version 8.7.11 Update p2
Zimbra ≫ Collaboration Version 8.7.11 Update p3
Zimbra ≫ Collaboration Version 8.7.11 Update p4
Zimbra ≫ Collaboration Version 8.7.11 Update p5
Zimbra ≫ Collaboration Version 8.7.11 Update p6
Zimbra ≫ Collaboration Version 8.7.11 Update p7
Zimbra ≫ Collaboration Version 8.7.11 Update p8
Zimbra ≫ Collaboration Version 8.7.11 Update p9
Zimbra ≫ Collaboration Version 8.8.0 Update beta1
Zimbra ≫ Collaboration Version 8.8.2
Zimbra ≫ Collaboration Version 8.8.3
Zimbra ≫ Collaboration Version 8.8.4
Zimbra ≫ Collaboration Version 8.8.6
Zimbra ≫ Collaboration Version 8.8.7
Zimbra ≫ Collaboration Version 8.8.8 Update -
Zimbra ≫ Collaboration Version 8.8.8 Update p1
Zimbra ≫ Collaboration Version 8.8.8 Update p3
Zimbra ≫ Collaboration Version 8.8.8 Update p4
Zimbra ≫ Collaboration Version 8.8.8 Update p7
Zimbra ≫ Collaboration Version 8.8.9 Update -
Zimbra ≫ Collaboration Version 8.8.9 Update p1
Zimbra ≫ Collaboration Version 8.8.9 Update p10
Zimbra ≫ Collaboration Version 8.8.9 Update p3
Zimbra ≫ Collaboration Version 8.8.10 Update -
Zimbra ≫ Collaboration Version 8.8.10 Update p8
Zimbra ≫ Collaboration Version 8.8.11 Update -
Zimbra ≫ Collaboration Version 8.8.11 Update p3
Zimbra ≫ Collaboration Version 8.8.11 Update p4
Zimbra ≫ Collaboration Version 8.8.11 Update p5
Zimbra ≫ Collaboration Version 8.8.12 Update -
Zimbra ≫ Collaboration Version 8.8.12 Update p3
Zimbra ≫ Collaboration Version 8.8.12 Update p4
Zimbra ≫ Collaboration Version 8.8.15 Update -
Zimbra ≫ Collaboration Version 8.8.15 Update p11
Zimbra ≫ Collaboration Version 8.8.15 Update p26
Zimbra ≫ Collaboration Version 8.8.15 Update p3
Zimbra ≫ Collaboration Version 8.8.15 Update p30
Zimbra ≫ Collaboration Version 8.8.15 Update p31
Zimbra ≫ Collaboration Version 8.8.15 Update p32
Zimbra ≫ Collaboration Version 8.8.15 Update p33
Zimbra ≫ Collaboration Version 8.8.15 Update p34
Zimbra ≫ Collaboration Version 8.8.15 Update p5
Zimbra ≫ Collaboration Version 9.0.0 Update p0
Zimbra ≫ Collaboration Version 9.0.0 Update p19
Zimbra ≫ Collaboration Version 9.0.0 Update p23
Zimbra ≫ Collaboration Version 9.0.0 Update p25
Zimbra ≫ Collaboration Version 9.0.0 Update p26
Zimbra ≫ Collaboration Version 9.0.0 Update p27
Zimbra ≫ Collaboration Version 9.0.0 Update p4
Zimbra ≫ Collaboration Version 9.0.0 Update p7
Zimbra ≫ Collaboration Version 9.0.0 Update p7.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.74 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/
https://github.com/rapid7/metasploit-framework/pull/16807