← Zuruck zu CVEs

CVE-2022-27925

HIGHCISA KEV

7.2

Beschreibung

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

CVE Details

CVSS v3.1 Bewertung7.2

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht4/21/2022

Zuletzt geandert10/31/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerSynacor

ProduktZimbra Collaboration Suite (ZCS)

SchwachstellennameSynacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

KEV Aufnahmedatum2022-08-11

Behebungsfrist2022-09-01

Ransomware-NutzungKnown

Betroffene Produkte

synacor:zimbra_collaboration_suite

Schwachen (CWE)

CWE-22CWE-22

Referenzen

http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html(cve@mitre.org)

https://wiki.zimbra.com/wiki/Security_Center(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories(cve@mitre.org)

http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

https://wiki.zimbra.com/wiki/Security_Center(af854a3a-2127-422b-91ae-364da2661108)

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24(af854a3a-2127-422b-91ae-364da2661108)

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27925(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.