clayton@site:~/news$ cat cve-2022-27924-synacor-zimbra-collaboration-suite-zcs.log

CVE-2022-27924 — Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability

2022-08-04 • CISA Known Exploited Vulnerability

[event] Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.

> AFFECTED SOFTWARE

Field	Value
Vendor	Synacor
Product	Zimbra Collaboration Suite (ZCS)
CWE	CWE-93
CVE ID	CVE-2022-27924
Date Added	2022-08-04
Due Date	2022-08-25
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-08-25

> REFERENCES

[1] https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-27924