In Zimbra Collaboration Suite up to and including 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zimbra collaboration 9.0.0 |
||
zimbra collaboration 8.8.15 |