Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.

Zimbra Collaboration (aka ZCS) allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.

Successful exploitation may result in the leakage of the target users' plaintext passwords.

According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities, including the following:

  - A vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a     targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached     entries. (CVE-2022-27924)

  - Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and     extracts files from it. An authenticated user with administrator rights has the ability to upload     arbitrary files to the system, leading to directory traversal. (CVE-2022-27925)

  - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the     remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)

  - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules     pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache     HTTP Server 2.4.48 and earlier. (CVE-2021-39275)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
113311	Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 31 / 9.0.0 < 9.0.0 Patch 24 Command Injection	Web App Scanning	Component Vulnerability	high
163072	Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 31 / 9.0.0 < 9.0.0 Patch 24 Multiple Vulnerabilities	Nessus	CGI abuses	critical

Detections

Analytics

CVE-2022-27924

high

Tenable Plugins

high

critical