Zimbra Collaboration Suite mboximport path traversal

Added: 08/30/2022

Background

Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises.

Problem

A path traversal vulnerability in the mboximport function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command execution.

Resolution

Upgrade to Zimbra Collaboration Suite 8.8.15 patch 31 or 9.0.0 patch 24 or higher.

References

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24#Security_Fixes

Platforms

Linux

Back to exploit index