9.8

CVE-2023-29382

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZimbraCollaboration Version8.8.15 Update-
ZimbraCollaboration Version8.8.15 Updatep1
ZimbraCollaboration Version8.8.15 Updatep10
ZimbraCollaboration Version8.8.15 Updatep11
ZimbraCollaboration Version8.8.15 Updatep12
ZimbraCollaboration Version8.8.15 Updatep13
ZimbraCollaboration Version8.8.15 Updatep14
ZimbraCollaboration Version8.8.15 Updatep15
ZimbraCollaboration Version8.8.15 Updatep16
ZimbraCollaboration Version8.8.15 Updatep17
ZimbraCollaboration Version8.8.15 Updatep18
ZimbraCollaboration Version8.8.15 Updatep19
ZimbraCollaboration Version8.8.15 Updatep2
ZimbraCollaboration Version8.8.15 Updatep20
ZimbraCollaboration Version8.8.15 Updatep21
ZimbraCollaboration Version8.8.15 Updatep22
ZimbraCollaboration Version8.8.15 Updatep23
ZimbraCollaboration Version8.8.15 Updatep24
ZimbraCollaboration Version8.8.15 Updatep25
ZimbraCollaboration Version8.8.15 Updatep26
ZimbraCollaboration Version8.8.15 Updatep27
ZimbraCollaboration Version8.8.15 Updatep28
ZimbraCollaboration Version8.8.15 Updatep29
ZimbraCollaboration Version8.8.15 Updatep3
ZimbraCollaboration Version8.8.15 Updatep30
ZimbraCollaboration Version8.8.15 Updatep31
ZimbraCollaboration Version8.8.15 Updatep32
ZimbraCollaboration Version8.8.15 Updatep33
ZimbraCollaboration Version8.8.15 Updatep34
ZimbraCollaboration Version8.8.15 Updatep35
ZimbraCollaboration Version8.8.15 Updatep37
ZimbraCollaboration Version8.8.15 Updatep4
ZimbraCollaboration Version8.8.15 Updatep5
ZimbraCollaboration Version8.8.15 Updatep6
ZimbraCollaboration Version8.8.15 Updatep7
ZimbraCollaboration Version8.8.15 Updatep8
ZimbraCollaboration Version8.8.15 Updatep9
ZimbraCollaboration Version9.0.0
ZimbraCollaboration Version9.0.0 Update-
ZimbraCollaboration Version9.0.0 Updatep0
ZimbraCollaboration Version9.0.0 Updatep1
ZimbraCollaboration Version9.0.0 Updatep10
ZimbraCollaboration Version9.0.0 Updatep11
ZimbraCollaboration Version9.0.0 Updatep12
ZimbraCollaboration Version9.0.0 Updatep13
ZimbraCollaboration Version9.0.0 Updatep14
ZimbraCollaboration Version9.0.0 Updatep15
ZimbraCollaboration Version9.0.0 Updatep16
ZimbraCollaboration Version9.0.0 Updatep19
ZimbraCollaboration Version9.0.0 Updatep2
ZimbraCollaboration Version9.0.0 Updatep20
ZimbraCollaboration Version9.0.0 Updatep21
ZimbraCollaboration Version9.0.0 Updatep23
ZimbraCollaboration Version9.0.0 Updatep24
ZimbraCollaboration Version9.0.0 Updatep24.1
ZimbraCollaboration Version9.0.0 Updatep25
ZimbraCollaboration Version9.0.0 Updatep26
ZimbraCollaboration Version9.0.0 Updatep27
ZimbraCollaboration Version9.0.0 Updatep3
ZimbraCollaboration Version9.0.0 Updatep4
ZimbraCollaboration Version9.0.0 Updatep5
ZimbraCollaboration Version9.0.0 Updatep6
ZimbraCollaboration Version9.0.0 Updatep7
ZimbraCollaboration Version9.0.0 Updatep7.1
ZimbraCollaboration Version9.0.0 Updatep8
ZimbraCollaboration Version9.0.0 Updatep9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.677
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://wiki.zimbra.com/wiki/Security_Center
Vendor Advisory
Release Notes