GCVE - cpe:2.3:a:zimbra:collaboration:8.8.15:*:*:*:open

Approved changes feed: RSS · Atom

cpe:2.3:a:zimbra:collaboration:8.8.15:*:*:*:open_source:*:*:*

part: a version: 8.8.15 update: *

Vendor	Zimbra (`2c2042e1-5f4a-5590-841f-bd7953d2bb5f`)
Product	Collaboration (`dc8aeab5-e039-5ffe-a16a-100a59003217`)
Edition	*
Language	*
Software edition	open_source
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/zimbra/zm-build`	purl2cpe	2026-06-01 10:12:36.214117
`pkg:sourceforge/zimbra`	purl2cpe	2026-06-01 10:12:36.214119

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-32294`	vulnerable	2026-06-08 05:44:43.157956	Details available Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced. Published: 2022-07-11T00:00:00.000Z Updated: 2024-08-03T07:39:50.523Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command https://github.com/soheilsamanabadi/vulnerabilitys/pull/1	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.