VDB
CVE-2022-37043
CVE-2022-37043
PUBLISHED
An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.
EPSS 0.45% · 64.0th percentile
Risk Scores
EPSS Score
0.45%
64.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| zimbra | collaboration | 8.8.15, 9.0.0 |
Exploit Intelligence
Timeline
- Aug 11, 2022 CVE Published
- Aug 12, 2022 EPSS Score
- Aug 16, 2022 CVE Updated
- Sep 27, 2022 EPSS Score
- Nov 12, 2022 EPSS Score
- Dec 28, 2022 EPSS Score
- Feb 12, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- May 16, 2023 EPSS Score
- Jul 1, 2023 EPSS Score
- Aug 16, 2023 EPSS Score
References
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories url
- https://wiki.zimbra.com/wiki/Security_Center url
- https://nvd.nist.gov/vuln/detail/CVE-2022-37043 advisory
- https://wiki.zimbra.com/index.php/Zimbra_Releases/8.8.15/P33 advisory
- https://wiki.zimbra.com/index.php/Zimbra_Releases/9.0.0/P26 advisory