Description
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.
References (1)
Core References
Third Party Advisory
https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76
Scores
CVSS v3: 7.2
EPSS: 0.0286
EPSS Percentile: 86.3%
Attack Vector: NETWORK (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-434
Status: published
Products (2)
zimbra/collaboration 8.8.15
zimbra/collaboration 9.0.0
Published: Dec 05, 2022
Tracked Since: Feb 18, 2026