Lucene search

GoogleOSV:CVE-2022-37041

HistoryAug 12, 2022 - 3:15 p.m.

CVE-2022-37041

2022-08-1215:15:16

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.5%

JSON

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting).

CPENameOperatorVersion
zm-buildeq8.8.9
zm-buildeq8.8.9.p1
zm-buildeq8.8.9.p3
zm-buildeq8.8.11
zm-buildeq8.8.15
zm-buildeq8.7.9
zm-buildeq8.7.7
zm-buildeq8.7.11
zm-buildeq8.8.4
zm-buildeq8.8.6

Name	Operator	Version
zm-build	eq	8.8.9
zm-build	eq	8.8.9.p1
zm-build	eq	8.8.9.p3
zm-build	eq	8.8.11
zm-build	eq	8.8.15
zm-build	eq	8.7.9
zm-build	eq	8.7.7
zm-build	eq	8.7.11
zm-build	eq	8.8.4
zm-build	eq	8.8.6

Rows per page:

1-10 of 201

References

wiki.zimbra.com/wiki/Security_Center

wiki.zimbra.com/wiki/Zimbra_Security_Advisories

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.5%

JSON

Related for OSV:CVE-2022-37041