CVE-2022-37042

Synacor | Zimbra Collaboration Suite (ZCS)Added 2022-08-11Remediation Deadline 2022-09-01Active Ransomware Campaign

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-23

References

https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2022-37042

Cybersecurity Alerts

CVE-2022-37042

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Required Action

Weakness Classification

References