CVE-2023-34193

HIGH

Zimbra ZCS 8.8.15 - RCE

Title source: llm

Description

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

References (3)

Core 3

Core References

Release Notes, Vendor Advisory

https://wiki.zimbra.com/wiki/Security_Center

Not Applicable

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

Vendor Advisory

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Scores

CVSS v3 8.8

EPSS 0.0048

EPSS Percentile 65.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

zimbra/collaboration 8.8.15 (37 CPE variants)

Published Jul 06, 2023

Tracked Since Feb 18, 2026