CVE-2022-27924
Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
85.4%
p100
KEV
YES
Aug 4, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
84.6%EPSS · 30 days85.4%
2026-06-302026-07-16
Product
Synacor / Zimbra Collaboration Suite (ZCS)
Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability
Added to KEV
Aug 4, 2022
Remediate by
Aug 25, 2022
Known ransomware use
Yes
Summary description
Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.
Required action
Apply updates per vendor instructions.
Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes; https://nvd.nist.gov/vuln/detail/CVE-2022-27924
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-45519—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability—CVE-2019-9670—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference—CVE-2022-27925—99.9%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability—CVE-2022-41352—99.9%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability—CVE-2022-37042—99.8%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability—CVE-2019-9621—99.6%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability—