Lucene search
Rapid7CVELIST:CVE-2022-37393HistoryOct 27, 2021 - 12:00 a.m.
CVE-2022-37393 Zimbra zmslapd arbitrary module load
2021-10-2700:00:00
CWE-284
rapid7
www.cve.org
1
Zimbraβs sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
CNA Affected
[
{
"product": "Zimbra Server",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0.p27",
"status": "affected",
"version": "9.0.0.p27",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.8.15.p34",
"status": "affected",
"version": "8.8.15.p34",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-37393
2022-08-16 20:15:07
metasploit
metasploit
Zimbra zmslapd arbitrary module load
2022-08-05 18:55:05
packetstorm
packetstorm
Zimbra zmslapd Privilege Escalation
2022-08-10 00:00:00
osv
osv
CVE-2022-37393
2022-08-16 20:15:07
cve
cve
CVE-2022-37393
2022-08-16 20:15:07
zdt
zdt
Zimbra zmslapd Privilege Escalation Exploit
2022-08-10 00:00:00
prion
prion
Design/Logic Flaw
2022-08-16 20:15:00
nessus
nessus
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-13 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-08-12 18:52:27
attackerkb
attackerkb