PT-2022-27681 · Zimbra · Zimbra Collaboration

Threonic · Published 2022-12-05 · Updated 2022-12-08 · CVE-2022-45912

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0

Description: An issue was discovered in Zimbra Collaboration, allowing remote code execution through the ClientUploader utility by an authenticated admin user. The admin user can upload files and traverse to any other directory for remote code execution.

Recommendations: For versions 8.8.15 and 9.0, consider disabling the ClientUploader utility until a patch is available to prevent remote code execution. Restrict access to the ClientUploader utility to minimize the risk of exploitation. Avoid using the ClientUploader utility for file uploads until the issue is resolved.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2022-45912

Affected Products: Zimbra Collaboration