Detections
Analytics
Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.7 Multiple Vulnerabilities
high Nessus Plugin ID 237012
Synopsis
The remote web server contains a web application that is affected by multiple vulnerabilities.Description
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including:- NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. (CVE-2022-41741)
- NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. (CVE-2022-41742)
- An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. (CVE-2024-27442)
- An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code. (CVE-2024-27443)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to version 9.0.0 Patch 39, 10.0.7, or later.See Also
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Plugin Details
Severity: High
ID: 237012
File Name: zimbra_10_0_7.nasl
Version: 1.1
Type: combined
Agent: unix
Family: CGI abuses
Published: 5/21/2025
Updated: 5/21/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2022-41741
CVSS v3
Risk Factor: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2022-41741
Vulnerability Information
CPE: cpe:/a:zimbra:collaboration_suite
Required KB Items: installed_sw/zimbra_zcs
Patch Publication Date: 2/28/2024
Vulnerability Publication Date: 2/28/2024
CISA Known Exploited Vulnerability Due Dates: 6/9/2025
Reference Information
CVE: CVE-2022-41741, CVE-2022-41742, CVE-2024-27442, CVE-2024-27443