CVE-2022-41352

Scores

EPSS

0.940high94.0%

0%20%40%60%80%100%

Percentile: 94.0%

CVSS

9.8critical3.x

0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x

9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-22

Related Vulnerabilities

BDU:2022-06069

Exploits

Exploit ID: CVE-2022-41352

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Vulnerable Software (2)

Type: Configuration

Vendor: *

Product: zimbra_collaboration_suite

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collabo...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: zimbra_collaboration_suite

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collab...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p27:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p28:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p29:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p30:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31.1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p32:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p33:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2022-41352

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (2)