CVE-2022-45912

Published: Dec 5, 2022Modified: Apr 24, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

Affected (2)

Products: Zimbra: Collaboration

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zimbra Collaboration	Version 8.8.15
Zimbra Collaboration	Version 9.0.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76

Source: cve@mitre.org

Third Party Advisory

https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.