Zimbra · Zimbra Collaboration Suite · CVE-2022-37393
**Name of the Vulnerable Software and Affected Versions**
Zimbra Collaboration Suite (affected versions not specified)
**Description**
The issue is related to the sudo configuration in Zimbra, which allows the zimbra user to execute the zmslapd binary as root with arbitrary parameters. The zmslapd binary can load a user-defined configuration file that includes plugins in the form of .so files, which execute as root. This is associated with inadequate access control in the zmslapd function of the Zimbra Collaboration Suite, potentially allowing an attacker to execute arbitrary code.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.