Rubina119

**Name of the Vulnerable Software and Affected Versions** Zimbra versions 7.2.2 through 8.0.2 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by using a .. (dot dot) in the `skin` parameter of the `/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz` endpoint. This can potentially be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. **Recommendations** For Zimbra versions 7.2.2 through 8.0.2, consider restricting access to the vulnerable endpoint `/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz` to minimize the risk of exploitation. Additionally, limit the use of the `skin` parameter to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.