COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-27925

CVE-2022-27925

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-08-11
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-27925
⚡ RCE ◐ zero-day ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wildzero-day

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code e

Players implicated

Synacor · vendorZimbra Collaboration Suite (ZCS) · product

Description

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.