Technical Severity
CRITICALCVSS v3.1 Metrics
9.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitation Likelihood
EPSS Prediction
88.26
%
Predictive Probability
Percentile Rank
99.8
th
Documented as more likely to be exploited than 99.8% of known CVEs.
Detection Date
Aug 11, 2022
Remediation Due
Sep 01, 2022
CISA Catalog Active
Threat Analysis
Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.
Remediation Directive
Apply updates per vendor instructions.