NVD disclosure day

Published threat advisories for April 21, 2022

CVE advisory • Known Exploit

CVE-2022-27926

Zimbra Collaboration Cross-Site Scripting Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Zimbra Collaboration may allow attackers to inject script or HTML via request parameters. This could impact organizations by potentially compromising data or disrupting services. The realistic business risk is that unauthorized parties could gain access to sensitive information or manipulate user int

• CISA KEV

CVE advisory • Known Exploit

CVE-2022-27925

Zimbra Collaboration Directory Traversal Vulnerability Allows Arbitrary File Upload.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authenticated administrator using Zimbra Collaboration can exploit a file import vulnerability to upload arbitrary files. This allows for directory traversal, potentially leading to unauthorized data access and system compromise, posing a significant business risk.

• CISA KEV

CVE advisory • Known Exploit

CVE-2022-27924

Zimbra Collaboration: Arbitrary Command Injection Risk

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Zimbra Collaboration Suite is affected by a command injection vulnerability that allows unauthenticated attackers to overwrite cached data. This presents a business risk of unauthorized data modification and service disruption. Organizations should prioritize remediation to mitigate potential impacts.

• CISA KEV