Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Vulnerable Product |
---|
zimbra collaboration 9.0.0 |
zimbra collaboration 8.8.15 |
Here's how to detect an intrusion via vulnerable email systems
Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam. In a security alert updated on Monday, the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbr...