First published: Wed Apr 20 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 | |
Zimbra Collaboration | =9.0.0 | |
The severity of CVE-2022-27924 is high with a CVSS score of 7.5.
CVE-2022-27924 affects Zimbra Collaboration (ZCS) versions 8.8.15 and 9.0.
An unauthenticated attacker can exploit CVE-2022-27924 by injecting arbitrary memcache commands into a targeted Zimbra Collaboration instance.
CVE-2022-27924 allows an attacker to overwrite arbitrary cached entries, potentially leading to unauthorized access or denial of service.
To fix CVE-2022-27924, it is recommended to upgrade Zimbra Collaboration to a patched version.