CVE-2022-24682 (GCVE-0-2022-24682)

Vulnerability from cvelistv5 – Published: 2022-02-09 03:19 – Updated: 2025-10-21 23:15
VLAI? CISA KEV
Summary
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • n/a
Assigner
References
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: b455d80b-c6e7-4ae7-afb4-f233bfeffe0f

Vulnerability ID: CVE-2022-24682

Status: Confirmed

Status Updated: 2022-02-25 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2022-02-25
Asserted: 2022-02-25
Scope
Notes: KEV entry: Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability | Affected: Synacor / Zimbra Collaborate Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-11 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-24682
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-79 CWE-116
Feed CISA Known Exploited Vulnerabilities Catalog
Product Zimbra Collaborate Suite (ZCS)
Due Date 2022-03-11
Date Added 2022-02-25
Vendorproject Synacor
Vulnerabilityname Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
Knownransomwarecampaignuse Known
References
Created: 2026-02-02 12:28 UTC | Updated: 2026-02-02 12:28 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Security_Center"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-24682",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T21:19:33.587330Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-02-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-116",
                "description": "CWE-116 Improper Encoding or Escaping of Output",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:48.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-02-25T00:00:00+00:00",
            "value": "CVE-2022-24682 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-09T03:19:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.zimbra.com/wiki/Security_Center"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
              "refsource": "MISC",
              "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
            },
            {
              "name": "https://wiki.zimbra.com/wiki/Security_Center",
              "refsource": "MISC",
              "url": "https://wiki.zimbra.com/wiki/Security_Center"
            },
            {
              "name": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/",
              "refsource": "MISC",
              "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
            },
            {
              "name": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/",
              "refsource": "MISC",
              "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
            },
            {
              "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30",
              "refsource": "MISC",
              "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24682",
    "datePublished": "2022-02-09T03:19:04.000Z",
    "dateReserved": "2022-02-09T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:48.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-24682",
      "cwes": "[\"CWE-79\", \"CWE-116\"]",
      "dateAdded": "2022-02-25",
      "dueDate": "2022-03-11",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-24682",
      "product": "Zimbra Collaborate Suite (ZCS)",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.",
      "vendorProject": "Synacor",
      "vulnerabilityName": "Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-03-11",
      "cisaExploitAdd": "2022-02-25",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Zimbra Webmail Cross-Site Scripting Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.8\", \"versionEndExcluding\": \"8.8.15\", \"matchCriteriaId\": \"9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA48C450-201C-4398-AB65-EF6F95FB0380\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F759114-CF2D-48BF-8D09-EBE8D1ED1949\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"C43634F5-2946-44D2-8A50-B717374A8126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"20315895-5410-4B88-B2D9-E9C5D79A64DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF405091-A832-4945-87EC-AA525F37DF91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9B6FFA8-CFD2-47C6-9475-79210CB9AA84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*\", \"matchCriteriaId\": \"964CA714-937C-4FC0-A1E9-07F846C786BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAF8F155-1406-46ED-A81F-BCC4CE525F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A8F56B-3457-4C19-B213-3B04FEE8D7A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4F8D255-3F91-45FF-9133-4023BA688F9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"37BC4DF5-D111-4295-94FC-AA8929CDF2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9D50108-0404-4791-8057-DB1786D311C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*\", \"matchCriteriaId\": \"858727DB-AE6F-435D-B8FD-6C94C3400E40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FA6AC95-288C-4ABA-B2A7-47E4134EDC31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AA82728-5901-482A-83CF-F883D4B6A8E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E762792-542E-43D0-A95A-E7F48F328A28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*\", \"matchCriteriaId\": \"840F98DC-57F1-4054-A6C1-6E7F0340AC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE2A1305-68B7-4CB7-837F-4EDE2EBED507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"661403E7-1D65-4710-8413-47D74FF65BE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"714FAFE6-68AE-4304-B040-48BC46F85A2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"73FC2D2D-8BBD-4259-8B35-0D9BFA40567B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB97E9E6-CC4A-458D-B731-6D51130B942C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA688C43-846A-4C4A-AEDB-113D967D3D73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\\u00f3n 1), como es explotado \\\"in the wild\\\" a partir de diciembre 2021. Un atacante podr\\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento\"}]",
      "id": "CVE-2022-24682",
      "lastModified": "2024-11-21T06:50:51.877",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-02-09T04:15:07.400",
      "references": "[{\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-116\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24682\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-09T04:15:07.400\",\"lastModified\":\"2025-11-04T16:46:49.883\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\u00f3n 1), como es explotado \\\"in the wild\\\" a partir de diciembre 2021. Un atacante podr\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-02-25\",\"cisaActionDue\":\"2022-03-11\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndExcluding\":\"8.8.15\",\"matchCriteriaId\":\"0696BCE7-5351-4B01-9593-BA8BFB2D3A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E39A855-C0EB-4448-AE96-177757C40C66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE7BE6E-7A9A-40C7-B236-7A21103E9F41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5924FFC-BA19-48B3-BF4D-0C2DB3FCD407\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"7822D273-C2CB-4EFE-B929-3D34C65E005E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81528E8-FE3A-4C48-A747-34A3FF28BCAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"D772D4BA-9ED6-492C-A0D3-0AF4F3D49037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A468FE-B59B-4CE9-B9B2-C836EEAFA3E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BECDE0-F082-49FB-ACA2-5C808902AA17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"56558FD4-4391-4199-BA6B-B53F5DC30144\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A530D3-B84E-427B-BC92-64BBFEF331BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0DCE7F-85A4-44C6-88C8-380B0BBBFA7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"180AF8B6-55AE-460C-B613-37FB697B5325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCB5528-70FD-4525-A78B-D5537609331A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"34B07279-A26A-4EB1-8B33-885AD854018B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"97402ADA-AB05-4A92-920D-EA5363424FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"697A1D34-FF0C-4F9E-8E91-34404A366D70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"9030D096-87A1-4AFF-BB7C-CE71990005B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"F211A8B1-E33E-49BE-9C18-31B1902EB4FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"4152CEA2-9DC1-4567-BAB3-9C36F74F77EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BC02B35-7FC4-41AB-8D2E-2CD1896D84C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"0294CB8B-B0AF-4A5C-B6B2-33F5BFFFBD4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"968A75B4-6D23-4B83-A8B5-777D8F151E04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E11BC24-56A3-4CAB-B0B2-D2430CD80767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A1314A-20C8-42D7-9387-D914999EEAF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF091C5-8DC6-4A41-9E84-F53BE703F71B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACD65C28-9716-4073-8613-C4AF12684760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C58AFFF-848F-490D-A95C-03A267C2DC98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"B62DC188-89A8-4AEA-90AE-563F0BBEFC54\"}]}]}],\"references\":[{\"url\":\"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.185Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24682\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T21:19:33.587330Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-02-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-02-25T00:00:00+00:00\", \"value\": \"CVE-2022-24682 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116 Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T21:19:00.884Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-02-09T03:19:04.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"name\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"refsource\": \"MISC\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"name\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"name\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"refsource\": \"MISC\"}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"name\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"refsource\": \"MISC\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"name\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-24682\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24682\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T18:48:15.354Z\", \"dateReserved\": \"2022-02-09T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-02-09T03:19:04.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.