VDB
CVE-2023-29382
CVE-2023-29382
PUBLISHED
CVSS 9.800000190734863 CRITICAL
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
EPSS 0.76% · 73.7th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.76%
73.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| zimbra | collaboration | 8.8.15, 9.0.0, 8.8.15 |
| n/a | n/a | n/a, n/a |
Exploit Intelligence
Timeline
- May 30, 2023 CVE Published
- Jul 6, 2023 PoC Published
- Jul 7, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Nov 23, 2023 EPSS Score
- Dec 28, 2023 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 6, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- Jun 19, 2024 EPSS Score
- Jul 23, 2024 EPSS Score
References
- https://wiki.zimbra.com/wiki/Security_Center url
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.1 advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P40 advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P33 advisory
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy url
- https://nvd.nist.gov/vuln/detail/CVE-2023-29382 advisory