China National Vulnerability DatabaseCNVD-2022-71402

HistoryApr 22, 2022 - 12:00 a.m.

Vulners
/
Cnvd
/
Zimbra File Upload Vulnerability

Zimbra File Upload Vulnerability

2022-04-2200:00:00

China National Vulnerability Database

www.cnvd.org.cn

0.948 High

EPSS

Percentile

99.3%

JSON

Zimbra Collaboration (aka ZCS) versions 8.8.15 and 9.0 are vulnerable to a file upload vulnerability that stems from a lack of valid authentication of uploaded files by the application. An authenticated attacker with administrator privileges could exploit the vulnerability to be able to upload arbitrary files to the system, which could lead to remote code execution.

CPENameOperatorVersion
zimbra zimbra collaborationeq8.8.15
zimbra zimbra collaborationeq9.0

CPE	Name	Operator	Version
	zimbra zimbra collaboration	eq	8.8.15
	zimbra zimbra collaboration	eq	9.0

cvelist 2

prion 2

githubexploit 6

metasploit 1

osv 2

nvd 2

hivepro 1

cve 2

cisa_kev 2

attackerkb 5

checkpoint_advisories 1

nuclei 1

malwarebytes 1

packetstorm 1

zdt 1

thn 2

rapid7blog 3

nessus 2

ics 2

cvelist

CVE-2022-27925

2022-04-20 23:23:25

CVE-2022-37042

2022-08-11 19:37:27

prion

Directory traversal

2022-04-21 00:15:00

Directory traversal

2022-08-12 15:15:00

githubexploit

Exploit for Path Traversal in Zimbra Collaboration

2022-08-26 20:19:48

Exploit for Path Traversal in Zimbra Collaboration

2022-08-20 15:58:29

Exploit for Path Traversal in Zimbra Collaboration

2022-08-14 22:22:55

metasploit

Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)

2022-08-23 16:43:51

osv

CVE-2022-27925

2022-04-21 00:15:08

CVE-2022-37042

2022-08-12 15:15:16

nvd

CVE-2022-27925

2022-04-21 00:15:08

CVE-2022-37042

2022-08-12 15:15:16

hivepro

Unknown Attackers exploit several vulnerabilities in Zimbra Collaboration Suite

2022-08-18 06:47:31

cve

CVE-2022-27925

2022-04-21 00:15:08

CVE-2022-37042

2022-08-12 15:15:16

cisa_kev

Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability

2022-08-11 00:00:00

Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability

2022-08-11 00:00:00

attackerkb

CVE-2022-37042

2022-08-12 00:00:00

CVE-2022-27924

2022-08-16 00:00:00

CVE-2022-36804

2022-08-24 00:00:00

checkpoint_advisories

Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)

2022-08-16 00:00:00

nuclei

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

2022-08-17 03:20:32

malwarebytes

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

2022-08-11 13:00:00

packetstorm

Zimbra Zip Path Traversal

2022-08-24 00:00:00

zdt

Zimbra Zip Path Traversal Exploit

2022-08-25 00:00:00

thn

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

2023-02-02 09:45:00

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

2022-08-12 06:14:00

rapid7blog

Metasploit Wrap-Up

2022-08-26 21:47:13

Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite

2022-08-17 12:55:18

What’s New in InsightVM and Nexpose: Q3 2022 in Review

2022-09-28 14:11:35

nessus

Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 33 / 9.0.0 < 9.0.0 Patch 26 Multiple Vulnerabilities

2022-08-23 00:00:00

Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 31 / 9.0.0 < 9.0.0 Patch 24 Multiple Vulnerabilities

2022-07-13 00:00:00

ics

Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

2023-01-27 12:00:00

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

2023-10-05 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

Zimbra File Upload Vulnerability

Related