An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.
References
Link | Resource |
---|---|
https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-12-05 14:15
Updated : 2022-12-08 05:45
NVD link : CVE-2022-45912
Mitre link : CVE-2022-45912
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
zimbra
- collaboration