Vulnerability Details : CVE-2023-29382
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
Vulnerability category: Execute code
Products affected by CVE-2023-29382
- cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-29382
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-29382
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-29382
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-29382
-
https://wiki.zimbra.com/wiki/Security_Center
Security Center - Zimbra :: Tech CenterRelease Notes;Vendor Advisory
-
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
Zimbra Responsible Disclosure Policy - Zimbra :: Tech CenterNot Applicable
Jump to