First published: Thu Aug 11 2022
Zimbra Collaboration (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 | |
Zimbra Collaboration | =9.0.0 | |
CVE-2022-37042 is a vulnerability in Zimbra Collaboration Suite (ZCS) that allows an attacker to bypass authentication and upload arbitrary files to the system, leading to directory traversal and remote code execution.
Zimbra Collaboration Suite versions 8.8.15 and 9.0.0 are affected by CVE-2022-37042.
CVE-2022-37042 has a severity rating of 9.8 (critical).
To mitigate the CVE-2022-37042 vulnerability, it is recommended to update Zimbra Collaboration Suite to a patched version provided by the vendor.