CVE-2022-37393

CVE-2022-37393: Zimbra zmslapd arbitrary module load

Vendor Synacor

Product Zimbra Server

Weakness CWE-284

Published August 16, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Key dates

02Disclosure timeline

August 16, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-37393 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2022-37393

CWE CWE-284

Affected versions

Vendor Synacor

Product Zimbra Server

Affected ≥ 9.0.0.p27 and ≤ 9.0.0.p27

Vendor Synacor

Product Zimbra Server

Affected ≥ 8.8.15.p34 and ≤ 8.8.15.p34

CVE-2022-37393: Zimbra zmslapd arbitrary module load

01Description

02Disclosure timeline

03References

04Related CVE