CVE-2022-37042

NVD Published Date: August 12, 2022 at 03:15 PM
NVD Last Modified: August 08, 2023 at 02:22 PM
Download Patch
Vulnerability ID
CVE-2022-37042
Severity
CRITICAL
Severity Score
9.8
Summary
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-22

Recent Publish

CVE-2022-35914

CVE-2024-8087

CVE-2024-8086

CVE-2024-38210

CVE-2024-38208

CVE-2024-38209

See SecOps Solution
in action

Schedule Demo