CVE-2022-45912
moderate-risk
Published 2022-12-05
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.
Do I need to act?
~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (2)
Third Party Advisory
https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76
Third Party Advisory
https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76
39
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
6/34 · Minimal
Exposure
7/34 · Low