Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-37393

Опубликовано: 16 авг. 2022
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05122
Низкий

7.8 High

CVSS3

Дефекты

CWE-284
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-8jjp-3pj6-xx8j

CVSS3: 7.8
github
больше 3 лет назад

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

fstec логотип

BDU:2022-05280

CVSS3: 7.8
fstec
больше 3 лет назад

Уязвимость функции zmslapd корпоративной системы управления электронной почтой Zimbra Collaboration Suite (ZCS), позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 90%
0.05122
Низкий

7.8 High

CVSS3

Дефекты

CWE-284
NVD-CWE-noinfo