PT-2022-3567 · Zimbra · Zimbra Collaboration

Simon Scannell · Published 2022-04-20 · Updated 2026-01-06 · CVE-2022-27924

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration (aka ZCS) versions 8.8.15 through 9.0.0

Description

The issue allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, causing an overwrite of arbitrary cached entries. This can be exploited to execute arbitrary commands and potentially steal user credentials. The vulnerability is being actively exploited.

Recommendations

For Zimbra Collaboration (aka ZCS) versions 8.8.15 through 9.0.0, update to version 8.8.15 P31.1 or 9.0.0 P24.1 to resolve the issue. As a temporary workaround, consider restricting access to memcache commands to minimize the risk of exploitation.

Fix

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-04351
CVE-2022-27924

Affected Products

Zimbra Collaboration