Zimbra Collaboration (aka ZCS) versions 8.8.15 and 9.0 are vulnerable to a file upload vulnerability that stems from a lack of valid authentication of uploaded files by the application. An authenticated attacker with administrator privileges could exploit the vulnerability to be able to upload arbitrary files to the system, which could lead to remote code execution.
CPE | Name | Operator | Version |
---|---|---|---|
zimbra zimbra collaboration | eq | 8.8.15 | |
zimbra zimbra collaboration | eq | 9.0 |