CVE-2022-37042 - Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Project:Synacor

Product:Zimbra Collaboration Suite (ZCS)

Date Added:2022-08-11Due Date:2022-09-01Last Updated:June 21, 2025

Vulnerability Name

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Description

Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

https://nvd.nist.gov/vuln/detail/CVE-2022-37042

Vulnerability Name

Description

Known To Be Used in Ransomware Campaigns?

Action

Additional Notes

Related Weaknesses