Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.
References
Link | Resource |
---|---|
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-04-20 17:15
Updated : 2022-05-03 05:59
NVD link : CVE-2022-27924
Mitre link : CVE-2022-27924
JSON object : View
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Products Affected
zimbra
- collaboration