vulnerability
Ubuntu: USN-6876-1 (CVE-2022-26562): Kopano Core vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Apr 1, 2022 | Jul 9, 2024 | Aug 18, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 1, 2022
Added
Jul 9, 2024
Modified
Aug 18, 2025
Description
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
Solutions
ubuntu-pro-upgrade-kopano-archiverubuntu-pro-upgrade-kopano-contactsubuntu-pro-upgrade-kopano-dagentubuntu-pro-upgrade-kopano-gatewayubuntu-pro-upgrade-kopano-icalubuntu-pro-upgrade-kopano-libsubuntu-pro-upgrade-kopano-monitorubuntu-pro-upgrade-kopano-serverubuntu-pro-upgrade-kopano-spoolerubuntu-pro-upgrade-kopano-utilsubuntu-pro-upgrade-php-mapiubuntu-pro-upgrade-python-mapiubuntu-pro-upgrade-python3-mapi
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.