admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-246xx/CVE-2022-24682.json
cad-safe-bot 22a9c10e27 Auto-Update: 2025-02-27T03:00:20.119429+00:00
2025-02-27 03:03:52 +00:00

358 lines
13 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-24682",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-09T04:15:07.400",
"lastModified": "2025-02-27T02:00:01.920",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
},
{
"lang": "es",
"value": "Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\u00f3n 1), como es explotado \"in the wild\" a partir de diciembre 2021. Un atacante podr\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"cisaExploitAdd": "2022-02-25",
"cisaActionDue": "2022-03-11",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.8",
"versionEndExcluding": "8.8.15",
"matchCriteriaId": "9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink