Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 18 of 18
Filters:
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2023-34192

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-25
  • Due Date: 2025-03-18
Additional Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2023-34192
Mitel | SIP Phones

CVE-2024-41710

Mitel SIP Phones Argument Injection Vulnerability: Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Related CWE: CWE-88

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-12
  • Due Date: 2025-03-05
Additional Notes
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710
Mitel | MiCollab

CVE-2024-41713

Mitel MiCollab Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-07
  • Due Date: 2025-01-28
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-41713
Mitel | MiCollab

CVE-2024-55550

Mitel MiCollab Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-07
  • Due Date: 2025-01-28
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55550
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2024-45519

Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-10-03
  • Due Date: 2024-10-24
Additional Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2023-37580

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-07-27
  • Due Date: 2023-08-17
Additional Notes
https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2023-37580
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2022-27926

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.

Related CWEs: CWE-79| CWE-138

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-03
  • Due Date: 2023-04-24
Additional Notes
https://wiki.zimbra.com/wiki/Security_Center; https://nvd.nist.gov/vuln/detail/CVE-2022-27926
Mitel | MiVoice Connect

CVE-2022-41223

Mitel MiVoice Connect Code Injection Vulnerability: The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-21
  • Due Date: 2023-03-14
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223
Mitel | MiVoice Connect

CVE-2022-40765

Mitel MiVoice Connect Command Injection Vulnerability: The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-21
  • Due Date: 2023-03-14
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007; https://nvd.nist.gov/vuln/detail/CVE-2022-40765
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2022-41352

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-20
  • Due Date: 2022-11-10
Additional Notes
https://wiki.zimbra.com/wiki/Security_Center; https://nvd.nist.gov/vuln/detail/CVE-2022-41352
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2022-37042

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-11
  • Due Date: 2022-09-01
Additional Notes
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-37042
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2022-27925

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-11
  • Due Date: 2022-09-01
Additional Notes
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-27925
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2022-27924

Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.

Related CWE: CWE-93

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-04
  • Due Date: 2022-08-25
Additional Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes; https://nvd.nist.gov/vuln/detail/CVE-2022-27924
Mitel | MiVoice Connect

CVE-2022-29499

Mitel MiVoice Connect Data Validation Vulnerability: The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-27
  • Due Date: 2022-07-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-29499
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2018-6882

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-19
  • Due Date: 2022-05-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-6882
Mitel | MiCollab, MiVoice Business Express

CVE-2022-26143

MiCollab, MiVoice Business Express Access Control Vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.

Related CWEs: CWE-306| CWE-406

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-26143
Synacor | Zimbra Collaborate Suite (ZCS)

CVE-2022-24682

Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.

Related CWEs: CWE-79| CWE-116

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-25
  • Due Date: 2022-03-11
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-24682
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2019-9670

Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference: Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.

Related CWE: CWE-611

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-10
  • Due Date: 2022-07-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-9670

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now