CVE-2022-32294
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-32294
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32294.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-32294
- Published
- 2022-07-11T03:15:07.810Z
- Modified
- 2025-11-20T12:06:51.446916Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.
- Database specific
{ "isDisputed": true }- References
-
- https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
- https://github.com/soheilsamanabadi/vulnerabilitys/pull/1