Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-41352
HistorySep 26, 2022 - 2:15 a.m.

CVE-2022-41352

2022-09-2602:15:10
Google
osv.dev
13
zimbra
arbitrary files
file upload
access control
amavis
prerequisites
ubuntu
red hat

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.927

Percentile

99.1%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

Related

thn 3
securelist 2
nvd 1
cnvd 1
prion 1
cisa_kev 1
githubexploit 2
hivepro 1
cvelist 1
cve 1
packetstorm 1
zdt 1
metasploit 1
nessus 2
rapid7blog 2
attackerkb 3
qualysblog 2
ics 1
thn
thn
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
2023-04-04 13:16:00
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50:00
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
2022-10-08 07:50:00
securelist
securelist
Advanced threat predictions for 2023
2022-11-14 08:00:24
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
nvd
nvd
CVE-2022-41352
2022-09-26 02:15:10
cnvd
cnvd
Zimbra Collaboration Suite Remote Code Execution Vulnerability
2022-09-28 00:00:00
prion
prion
Design/Logic Flaw
2022-09-26 02:15:00
cisa_kev
cisa_kev
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Zimbra Collaboration
2022-11-11 20:58:08
Exploit for Path Traversal in Zimbra Collaboration
2022-10-10 13:04:34
hivepro
hivepro
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
2022-10-11 07:28:31
cvelist
cvelist
CVE-2022-41352
2022-09-26 00:00:00
cve
cve
CVE-2022-41352
2022-09-26 02:15:10
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
nessus
nessus
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-13 00:00:00
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
2022-10-13 00:00:00
rapid7blog
rapid7blog
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
2022-10-06 17:13:34
Metasploit Weekly Wrap-Up
2022-10-21 17:31:54
attackerkb
attackerkb
CVE-2022-40684
2022-10-18 00:00:00
CVE-2023-2868
2023-07-05 00:00:00
CVE-2022-41352
2022-09-26 00:00:00
qualysblog
qualysblog
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.
2022-10-11 20:00:00
ics
ics
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
2024-07-25 12:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.927

Percentile

99.1%

JSON
Related for OSV:CVE-2022-41352
thn3securelist2nvd1cnvd1prion1cisa_kev1githubexploit2hivepro1cvelist1cve1packetstorm1zdt1metasploit1nessus2rapid7blog2attackerkb3qualysblog2ics1