CVE-2022-37043 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-37043 PUBLISHED

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.

EPSS 0.33% · 55.8th percentile

Risk Scores

EPSS Score

0.33%

55.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
zimbra	collaboration	8.8.15, 9.0.0

Timeline

Aug 11, 2022 CVE Published
Aug 12, 2022 EPSS Score
Aug 16, 2022 CVE Updated
Sep 27, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 10, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 12, 2023 EPSS Score
Jun 27, 2023 EPSS Score
Aug 11, 2023 EPSS Score

References

Open in Interactive Console →