Vulnerability identifier: #VU66165

Vulnerability risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-37042

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 5

• December 14, 2022
  • CVE-2022-37042 (CVE-2022-37042 Zimbra Auth Bypass leads to RCE) [Github]
• September 25, 2022
  • Zimbra (CVE-2022-27925) [Github]
• August 25, 2022
  • CVE-2022-37042 (Zimbra CVE-2022-37042 Nuclei weaponized template) [Github]
• August 23, 2022
  • Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925) [Metasploit]
• August 20, 2022
  • Zimbra_CVE-2022-37042-_CVE-2022-27925 () [Github]

Impact: Data manipulation

Vulnerable software:
Zimbra Collaboration
Web applications / Webmail solutions

Vendor: Synacor Inc.