CVE-2022-32294

Опубликовано: 11 июл. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.

Ссылки

https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
Third Party Advisory
https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
Third Party Advisory
https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
https://wiki.zimbra.com/wiki/Security_Center
Not Applicable
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Not Applicable
Vendor Advisory
https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
Third Party Advisory
https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
Third Party Advisory
https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
https://wiki.zimbra.com/wiki/Security_Center
Not Applicable
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Not Applicable
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zimbra:collaboration:8.8.15:*:*:*:open_source:*:*:*

EPSS

Процентиль: 84%

0.02171

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-9533-x7q2-r9j9